JavaMail API Reference Implementation: General Discussion: DIGEST-MD5 sasl authentication failing after verifying rspauth

Issue Tracking
» Issue Tracking
Mailing Lists
Downloads
» Downloads
Message Forum
» General Discussion
Source Code Repositories
» Mercurial Source Code Repos...
» Website Repository
Website
» Website
Wiki
» Wiki

JavaMail API Reference Implementation was started in August 2008, is owned by shannon, and has 54 members.

» Join This Project

DIGEST-MD5 sasl authentication failing after verifying rspauth

» Back to forum topics

3 posts

Replies: 2 - Last Post: June 20, 2010 14:07
by: varmadatla

« Older Topic » Newer Topic

showing 1 - 3 of 3

varmadatla

Posted: June 19, 2010 18:30 by varmadatla

» Permalink

After building the latest source(6/19/2010), I tried to authenticate (with sasl) to an email server that only responds with AUTH DIGEST-MD5.

      Properties props = System.getProperties();
      props.put( "mail.smtp.auth", "true" );
      props.put( "mail.smtp.sasl.enable", "true" );
      props.put( "mail.smtp.auth.mechanisms", "DIGEST-MD5" );
      props.put( "mail.smtp.sasl.realm", "validRealm" );
      props.put("mail.smtp.host", "validHost");
      
      final Authenticator auth =
      new Authenticator(){
         @Override
         public PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication("user@realm", "pwd");
         }
      };
      
      Session session = Session.getDefaultInstance(props, auth);
      session.setDebug( true );
            
      Message msg = new MimeMessage(session);      
      msg.setFrom(new InternetAddress("user@realm"));
      msg.setRecipients(Message.RecipientType.TO,
        InternetAddress.parse("user@realm", false));
      msg.setSubject("Test from Java mail-DIGEST-MD5");
      msg.setText("Body");
      
      Transport.send(msg);

It failed with the following error after a successful initial challenge/response:

DEBUG SMTP SASL: challenge: rspauth=d4ba307ab4f8e6996f062b416b914cfe :
DEBUG SMTP SASL: no response
*
501 5.7.0 Authentication aborted

The same worked fine without using sasl ( commented sasl.enable and auth.mechanisms properties on session).

After looking at the source and Wireshark output, with sasl enabled, a "*" is being sent after validating the rspauth. Without sasl, a byte[0] is being sent and is successful.

I am not sure if this is a bug or not setting necessary session properties. Could someone please verify this and suggest a solution?

Thanks

shannon	Posted: June 20, 2010 04:02 by shannon » Permalink
	Sorry, no idea. The SMTP provider has built-in DIGEST-MD5 support that predates the SASL support. One difference is that the built-in support doesn't support an authorization ID, but it's not obvious that that has anything to do with your problem. You might try asking for help in one of the Java security forums. What kind of server are you trying to connect to?

varmadatla	Posted: June 20, 2010 14:07 by varmadatla » Permalink
	Thats a good idea..i'll ask in security forums as well. I'm trying to connect to a postfix server which is authenticating using cyrus sasl. Thank you.

Replies: 2 - Last Post: June 20, 2010 14:07
by: varmadatla

« Older Topic » Newer Topic