Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.12.1

Bug #12206 Missing third step of DIGEST-MD5 results in authentication failure
Submitted: 2007-10-09 00:20 UTC
From: petern Assigned: jon
Status: Closed Package: Net_SMTP (version 1.2.10)
PHP Version: 4.3.10 OS: Debian 3.1
Roadmaps: 1.2.11    
Subscription  


 [2007-10-09 00:20 UTC] petern (Peter Nelson)
Description: ------------ /* We don't use the protocol's third step because SMTP doesn't * allow subsequent authentication, so we just silently ignore * it. */ if (PEAR::isError($error = $this->_put(' '))) { return $error; } This causes problems for servers that expect DIGEST-MD5 authentication to be completed fully. As the relevant RFC 2831 does not state either way whether partial authentication is allowed or if all three steps must be completed, one would (well, I would) assume that all steps should be performed. Actual result: -------------- < 220 localhost ESMTP Postfix > EHLO localhost < 250-localhost < 250-PIPELINING < 250-SIZE 50000000 < 250-ETRN < 250-STARTTLS < 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5 < 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5 < 250-ENHANCEDSTATUSCODES < 250-8BITMIME < 250 DSN > AUTH DIGEST-MD5 < 334 bm9u....3M= > dXNl....Ng== < 334 cnNw....MA== > < 535 5.7.0 Error: authentication failed: another step is needed in authentication > RSET < 250 2.0.0 Ok > QUIT < 221 2.0.0 Bye

Comments

 [2007-12-10 00:08 UTC] jon (Jon Parise)
Can you suggest a patch that would implement the third step?
 [2008-01-08 22:46 UTC] djbloc (Dj Bloc)
Have a related problem using the Fasthosts SMTP servers in the UK. Regardless of using either: $params["auth"] = TRUE; or $params["auth"] = 'DIGEST-MD5'; Output report from $params["debug"] = "True"; =================================== DEBUG: Recv: 250-smtp-out-68.livemail.co.uk DEBUG: Recv: 250-PIPELINING DEBUG: Recv: 250-SIZE 31457280 DEBUG: Recv: 250-VRFY DEBUG: Recv: 250-ETRN DEBUG: Recv: 250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN DEBUG: Recv: 250 8BITMIME DEBUG: Send: AUTH DIGEST-MD5 DEBUG: Recv: 334 bm9uY2U9Ik.....xhb9bWQ1LXNlc3M= DEBUG: Send: dXNlcm5hbWU9.......hidWY9NjU1MzY= DEBUG: Recv: 334 cnNwY........aDlhM2I5MzcyZg== DEBUG: Send: DEBUG: Recv: 501 Error: malformed authentication response DEBUG: Send: RSET DEBUG: Recv: 250 Ok Note: Using $params["auth"] = 'CRAM-MD5'; works as expected.
 [2008-02-11 03:05 UTC] jon (Jon Parise)
I just committed a small change to CVS which may fix the problems detailed here. In short, we were responding to the 334 response using a ' ' (space) instead of '' (empty string). I don't have convenient access to an SMTP server which performs DIGEST-MD5 authentication right now so I would be grateful to anyone who could verify that my change fixes this issue.
 [2008-02-15 05:51 UTC] jon (Jon Parise)
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/Net_SMTP