mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 08:38:49 -05:00
eb84ca3ea8
RFC 4616 specifies the authzid is optional in the client authentication message and that the server will derive the authorisation identity (authzid) from the authentication identity (authcid) when not specified by the client.
67 lines
836 B
Plaintext
67 lines
836 B
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
POP3
|
|
SASL
|
|
SASL AUTH CRAM-MD5
|
|
SASL AUTH PLAIN
|
|
SASL DOWNGRADE
|
|
RFC1734
|
|
RFC2195
|
|
RFC5034
|
|
</keywords>
|
|
</info>
|
|
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
<servercmd>
|
|
AUTH CRAM-MD5 PLAIN
|
|
REPLY "AUTH CRAM-MD5" + Rubbish
|
|
REPLY * -ERR AUTH exchange cancelled by client
|
|
REPLY "AUTH PLAIN" +
|
|
REPLY AHVzZXIAc2VjcmV0 +OK Login successful
|
|
</servercmd>
|
|
<data>
|
|
From: me@somewhere
|
|
To: fake@nowhere
|
|
|
|
body
|
|
|
|
--
|
|
yours sincerely
|
|
</data>
|
|
</reply>
|
|
|
|
#
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
pop3
|
|
</server>
|
|
<features>
|
|
crypto
|
|
</features>
|
|
<name>
|
|
POP3 CRAM-MD5 authentication with SASL downgrade
|
|
</name>
|
|
<command>
|
|
pop3://%HOSTIP:%POP3PORT/879 -u user:secret
|
|
</command>
|
|
</client>
|
|
|
|
#
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<protocol>
|
|
CAPA
|
|
AUTH CRAM-MD5
|
|
*
|
|
AUTH PLAIN
|
|
AHVzZXIAc2VjcmV0
|
|
RETR 879
|
|
QUIT
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|