Exception when trying to log in to SMTP #1575

Closed
martinjanda opened this issue May 7, 2024 · 7 comments

@martinjanda

Describe the bug
I get a PHP exception in the log when trying to log in to SMTP. In the admin GUI I get a timeout.

I've tried no TLS, STARTTLS, SSH/TLS with the same exception.

I'm not sure if this is a bug or if I'm doing something wrong.

To Reproduce
Steps to reproduce the behavior:

  1. In Admin menu add new domain
  2. I fill in all data in the IMAP and SMTP section
  3. Press Test
  4. IMAP works fine, SMTP fails

Expected behavior
Successful login to SMTP. User and pass work fine in Thunderbird etc.

Please complete the following information:

  • PHP version: PHP 8.2.18
  • SnappyMail Version: 2.36.1
  • Mode: standalone

Debug/logging information

[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: Start connection to "tcp://localhost:587"
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: Connect (success)
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[DEBUG]: 0.00025200843811035 (raw connection)
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 220 mail.smartus.cz ESMTP mox v0.0.11\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: > EHLO _\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250-mail.smartus.cz\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250-PIPELINING\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250-SIZE 104857600\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250-REQUIRETLS\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250-AUTH SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5 PLAIN LOGIN\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250-FUTURERELEASE 5184000 2024-07-06T10:42:34Z\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250-ENHANCEDSTATUSCODES\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250-8BITMIME\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250-LIMITS RCPTMAX=1000\r\n
[2024-05-07 10:42:34.709][4d62c6e4] SMTP[INFO]: < 250 SMTPUTF8\r\n
[2024-05-07 10:42:34.710][4d62c6e4] SMTP[INFO]: > AUTH SCRAM-SHA-256\r\n
[2024-05-07 10:42:34.710][4d62c6e4] SMTP[INFO]: < 334 \r\n
[2024-05-07 10:42:34.710][4d62c6e4] SMTP[INFO]: > *******\r\n
[2024-05-07 10:42:34.710][4d62c6e4] SMTP[INFO]: < 334 %HASH%\r\n
[2024-05-07 10:42:34.710][4d62c6e4] SMTP[ERROR]: MailSo\Smtp\Exceptions\NegativeResponseException: 334 %HASH% in /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php:579
Stack trace:
#0 /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php(487): MailSo\Smtp\SmtpClient->validateResponse()
#1 /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php(186): MailSo\Smtp\SmtpClient->sendRequestWithCheck()
#2 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Actions/AdminDomains.php(163): MailSo\Smtp\SmtpClient->Login()
#3 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/ServiceActions.php(134): RainLoop\ActionsAdmin->DoAdminDomainTest()
#4 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions->ServiceJson()
#5 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#6 /var/www/webmail/snappymail/v/2.36.1/include.php(136): RainLoop\Service::Handle()
#7 /var/www/webmail/index.php(11): include('...')
#8 {main}
[2024-05-07 10:42:34.710][4d62c6e4] SMTP[NOTICE]: MailSo\Smtp\Exceptions\NegativeResponseException: 334 %HASH% in /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php:579
Stack trace:
#0 /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php(487): MailSo\Smtp\SmtpClient->validateResponse()
#1 /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php(186): MailSo\Smtp\SmtpClient->sendRequestWithCheck()
#2 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Actions/AdminDomains.php(163): MailSo\Smtp\SmtpClient->Login()
#3 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/ServiceActions.php(134): RainLoop\ActionsAdmin->DoAdminDomainTest()
#4 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions->ServiceJson()
#5 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#6 /var/www/webmail/snappymail/v/2.36.1/include.php(136): RainLoop\Service::Handle()
#7 /var/www/webmail/index.php(11): include('...')
#8 {main}

Next MailSo\Smtp\Exceptions\LoginBadCredentialsException: 334 %HASH% in /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php:216
Stack trace:
#0 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Actions/AdminDomains.php(163): MailSo\Smtp\SmtpClient->Login()
#1 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/ServiceActions.php(134): RainLoop\ActionsAdmin->DoAdminDomainTest()
#2 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions->ServiceJson()
#3 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#4 /var/www/webmail/snappymail/v/2.36.1/include.php(136): RainLoop\Service::Handle()
#5 /var/www/webmail/index.php(11): include('...')
#6 {main}
[2024-05-07 10:42:34.710][4d62c6e4] SMTP[INFO]: > QUIT\r\n

Log from mox server:

May 07 12:22:30 mail mox[218018]: l=info m="new connection" pkg=smtpserver remote=127.0.0.1:60404 local=127.0.0.1:587 submission=true tls=false listener=internal cid=18f52931701 delta="27.16µs"
May 07 12:22:30 mail mox[218018]: l=trace m="LS: 220 mail.smartus.cz ESMTP mox v0.0.11\r\n" pkg=smtpserver cid=18f52931701 delta="43.579µs"
May 07 12:22:30 mail mox[218018]: l=trace m="RC: EHLO _\r\n" pkg=smtpserver cid=18f52931701 delta="120.249µs"
May 07 12:22:30 mail mox[218018]: l=debug m="smtp command result" pkg=smtpserver kind=submission cmd=ehlo code=250 ecode= duration="32.92µs" cid=18f52931701 delta="61.209µs"
May 07 12:22:30 mail mox[218018]: l=trace m="LS: 250-mail.smartus.cz\r\n250-PIPELINING\r\n250-SIZE 104857600\r\n250-REQUIRETLS\r\n250-AUTH SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5 PLAIN LOGIN\r\n250-FUTURERELEASE 5184000 2024-07-06T10:22:30Z\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-LIMITS RCPTMAX=1000\r\n250 SMTPUTF8\r\n" pkg=smtpserver cid=18f52931701 delta="26.729µs"
May 07 12:22:30 mail mox[218018]: l=trace m="RC: AUTH SCRAM-SHA-256\r\n" pkg=smtpserver cid=18f52931701 delta="175.137µs"
May 07 12:22:30 mail mox[218018]: l=trace m="LS: 334 \r\n" pkg=smtpserver cid=18f52931701 delta="41.249µs"
May 07 12:22:30 mail mox[218018]: l=trace m="RC: %HASH%\r\n" pkg=smtpserver cid=18f52931701 delta="115.448µs"
May 07 12:22:30 mail mox[218018]: l=debug m="scram auth" pkg=smtpserver authentication=janda@aztowerbrno.cz cid=18f52931701 delta="29.87µs"
May 07 12:22:30 mail mox[218018]: l=trace m="LS: 334 %HASH%==\r\n" pkg=smtpserver cid=18f52931701 delta="63.829µs"
May 07 12:22:30 mail mox[218018]: l=trace m="RC: QUIT\r\n" pkg=smtpserver cid=18f52931701 delta="335.804µs"
May 07 12:23:00 mail mox[218018]: l=info m="connection closed" err="read: read tcp 127.0.0.1:587->127.0.0.1:60404: i/o timeout (io error)" pkg=smtpserver cid=18f52931701 delta=30.023363816s

@mjl-

mjl- commented May 9, 2024

@martinjanda Could you try replacing 234 with 334 on the line below? The 234 looks like a typo, I don't recognize it as a valid smtp response code. 334 means "continuation data", which this is. Other lines above/below are also checking for 334.

https://github.com/the-djmaze/snappymail/blob/v2.36.1/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php#L186

@martinjanda
Author

Thank you. It fails faster, but the error in the snappymail log is the same:

[2024-05-09 12:57:29.693][f6d1dfb6] SMTP[INFO]: Start connection to "tcp://localhost:587"
[2024-05-09 12:57:29.693][f6d1dfb6] SMTP[INFO]: Connect (success)
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[DEBUG]: 0.0002899169921875 (raw connection)
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 220 mail.smartus.cz ESMTP mox v0.0.11\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: > EHLO _\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250-mail.smartus.cz\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250-PIPELINING\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250-SIZE 104857600\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250-REQUIRETLS\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250-AUTH SCRAM-SHA-256-PLUS SCRAM-SHA-256 SCRAM-SHA-1-PLUS SCRAM-SHA-1 CRAM-MD5 PLAIN LOGIN\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250-FUTURERELEASE 5184000 2024-07-08T12:57:29Z\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250-ENHANCEDSTATUSCODES\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250-8BITMIME\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250-LIMITS RCPTMAX=1000\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 250 SMTPUTF8\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: > AUTH SCRAM-SHA-256\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 334 \r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: > *******\r\n
[2024-05-09 12:57:29.694][f6d1dfb6] SMTP[INFO]: < 334 HASH==\r\n
[2024-05-09 12:57:29.700][f6d1dfb6] SMTP[INFO]: > *******\r\n
[2024-05-09 12:57:29.700][f6d1dfb6] SMTP[INFO]: < 334 HASH2==\r\n
[2024-05-09 12:57:29.700][f6d1dfb6] SMTP[ERROR]: MailSo\Smtp\Exceptions\NegativeResponseException: 334 HASH2== in /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php:579
Stack trace:
#0 /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php(487): MailSo\Smtp\SmtpClient->validateResponse()
#1 /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php(210): MailSo\Smtp\SmtpClient->sendRequestWithCheck()
#2 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Model/Account.php(264): MailSo\Smtp\SmtpClient->Login()
#3 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Model/Account.php(230): RainLoop\Model\Account->netClientLogin()
#4 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Actions/Messages.php(792): RainLoop\Model\Account->SmtpConnectAndLogin()
#5 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Actions/Messages.php(192): RainLoop\Actions->smtpSendMessage()
#6 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/ServiceActions.php(134): RainLoop\Actions->DoSendMessage()
#7 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions->ServiceJson()
#8 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#9 /var/www/webmail/snappymail/v/2.36.1/include.php(136): RainLoop\Service::Handle()
#10 /var/www/webmail/index.php(11): include('...')
#11 {main}
[2024-05-09 12:57:29.700][f6d1dfb6] SMTP[NOTICE]: MailSo\Smtp\Exceptions\NegativeResponseException: 334 dj1UNk1aZlBLRW0xQlMvVWVHUURab0tiOEhJWTl3YUxNYmVQcHU5OTFoV3hZPQ== in /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php:579
Stack trace:
#0 /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php(487): MailSo\Smtp\SmtpClient->validateResponse()
#1 /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php(210): MailSo\Smtp\SmtpClient->sendRequestWithCheck()
#2 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Model/Account.php(264): MailSo\Smtp\SmtpClient->Login()
#3 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Model/Account.php(230): RainLoop\Model\Account->netClientLogin()
#4 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Actions/Messages.php(792): RainLoop\Model\Account->SmtpConnectAndLogin()
#5 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Actions/Messages.php(192): RainLoop\Actions->smtpSendMessage()
#6 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/ServiceActions.php(134): RainLoop\Actions->DoSendMessage()
#7 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions->ServiceJson()
#8 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#9 /var/www/webmail/snappymail/v/2.36.1/include.php(136): RainLoop\Service::Handle()
#10 /var/www/webmail/index.php(11): include('...')
#11 {main}

Next MailSo\Smtp\Exceptions\LoginBadCredentialsException: 334 HASH2== in /var/www/webmail/snappymail/v/2.36.1/app/libraries/MailSo/Smtp/SmtpClient.php:216
Stack trace:
#0 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Model/Account.php(264): MailSo\Smtp\SmtpClient->Login()
#1 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Model/Account.php(230): RainLoop\Model\Account->netClientLogin()
#2 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Actions/Messages.php(792): RainLoop\Model\Account->SmtpConnectAndLogin()
#3 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Actions/Messages.php(192): RainLoop\Actions->smtpSendMessage()
#4 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/ServiceActions.php(134): RainLoop\Actions->DoSendMessage()
#5 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(132): RainLoop\ServiceActions->ServiceJson()
#6 /var/www/webmail/snappymail/v/2.36.1/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#7 /var/www/webmail/snappymail/v/2.36.1/include.php(136): RainLoop\Service::Handle()
#8 /var/www/webmail/index.php(11): include('...')
#9 {main}
[2024-05-09 12:57:29.700][f6d1dfb6] SMTP[INFO]: > QUIT\r\n
[2024-05-09 12:57:29.700][f6d1dfb6] SMTP[INFO]: < 235 2.7.0 nice\r\n

@mjl-

mjl- commented May 9, 2024

@martinjanda i suspect the smtp client code is assuming the auth handshake is finished after the first hash. it is expecting 235 "auth ok" when it is getting "334 [hash2]". the code may be based on cram-md5 (with fewer roundtrips).

for comparison, see the code in imap client, which does another write & read before verify:

https://github.com/the-djmaze/snappymail/blob/v2.36.1/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php#L171

i'm not familiar enough with this code base or php to make changes (in a reasonable time frame).

@the-djmaze
Owner

If I'm reading RFC 5802 correctly, there should only be one 334 (server challenge) response.

the-djmaze pushed a commit that referenced this issue May 13, 2024
@mjl-

mjl- commented May 13, 2024

https://datatracker.ietf.org/doc/html/rfc5802#section-5 has this as example:

   C: n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL
   S: r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,
      i=4096
   C: c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,
      p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=
   S: v=rmF9pqV8S7suAoZWja4dJRkFsKQ=

This is a session of mutt authenticating to mox (localserve):

C: AUTH SCRAM-SHA-256
S: 334 
C: bixhPW1veEBsb2NhbGhvc3Qsbj1tb3hAbG9jYWxob3N0LHI9UDFxMGxWdzNaVXVNZmpMRngxSWR0QjRH
S: 334 cj1QMXEwbFZ3M1pVdU1makxGeDFJZHRCNEcvZWFDbE9IaXU0dkhQdmlPLHM9ZkJBRko2cGdTVXlwOTZudyxpPTQwOTY=
C: Yz1iaXhoUFcxdmVFQnNiMk5oYkdodmMzUXMscj1QMXEwbFZ3M1pVdU1makxGeDFJZHRCNEcvZWFDbE9IaXU0dkhQdmlPLHA9cFJlMi9Ca0x0MG5iZFAzOGVia3NuZ2dqZ2trTFRLalBjK0lIcVpOSHdHOD0=
S: 334 dj1EVWg3d0VURkFFQXBQMVV5MVBWcGxuMkV2Ry9SUDFYN3ZyZnptYytHMnd3PQ==
C: 
S: 235 2.7.0 nice

And this is the same session, but with the base64 of scram decoded so it looks more like what we're seeing in the RFC:

C: AUTH SCRAM-SHA-256
S: 334 
C: n,a=mox@localhost,n=mox@localhost,r=P1q0lVw3ZUuMfjLFx1IdtB4G
S: 334 r=P1q0lVw3ZUuMfjLFx1IdtB4G/eaClOHiu4vHPviO,s=fBAFJ6pgSUyp96nw,i=4096
C: c=bixhPW1veEBsb2NhbGhvc3Qs,r=P1q0lVw3ZUuMfjLFx1IdtB4G/eaClOHiu4vHPviO,p=pRe2/BkLt0nbdP38ebksnggjgkkLTKjPc+IHqZNHwG8=
S: 334 v=DUh7wETFAEApP1Uy1PVpln2EvG/RP1X7vrfzmc+G2ww=
C: 
S: 235 2.7.0 nice

So even before the first message from the client, the server will have sent the first 334.
The last server message is also sent with a 334, and the client must send an empty response (scram has nothing for the client to send at that point, but the protocol must be finished).

It may be possible for the first client message after the AUTH command to be sent immediately as parameter in the AUTH command (SASL has a concept mode for that, I believe called immediate reply/response. IMAP has a capability SASL-IR that announces server support for it, but a quick search doesn't turn it up for SMTP).

Btw, I think SASL libraries are commonly designed/intended to be used without the protocol handling code (i.e. the imap/smtp clients/servers) knowing about the details of the SASL exchange. The SASL library would have an interface (API method) that indicates that there is another line to write (to the server). So as a client you could implement the sasl authentication as a loop that reads the next line from the sasl object, writes it to the server, then reads a (continuation/success/failure) line from the server. Those libraries would also do the selection of the authentication mechanism (plain, cram-md5, scram-* variants). This doesn't always work that well in practice, mox just handles SASL itself in its imap and smtp server.

@the-djmaze
Owner

the-djmaze commented May 14, 2024

I couldn't find the following in the RFC nor in the SMTP implementation:
334 "server-final-message"

So I assumed that "server-final-message" was equal to 235.

SMTP 334 response is the "Server challenge". The text part contains the Base64-encoded challenge.

SMTP 235 response is "Authentication succeeded".

As the RFC 5802 "server-first-message" contains data for the challenge (nonce, salt, iterator), I assumed 334 was only used there.

But the "server-final-message" has a challenge for the client to verify.

   The server verifies the nonce and the proof, verifies that the
   authorization identity (if supplied by the client in the first
   message) is authorized to act as the authentication identity, and,
   finally, it responds with a "server-final-message", concluding the
   authentication exchange.

   The client then authenticates the server by computing the
   ServerSignature and comparing it to the value sent by the server.  If
   the two are different, the client MUST consider the authentication
   exchange to be unsuccessful, and it might have to drop the
   connection.
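
The exchange discussed in this thread, as an added example that is not part of the issue and is neither SnappyMail's nor mox's code: a SASL-style SCRAM-SHA-256 client driven by a loop that answers every 334 until 235, and that refuses a 235 arriving before the ServerSignature in the last 334 has been verified. `ScramClient`, `smtp_auth` and `fake_server` are hypothetical names, the server is a constructed in-memory stand-in, and channel binding, SASLprep and username escaping are left out.

```python
import base64, hashlib, hmac, os
def b64(b): return base64.b64encode(b).decode()
def mac(key, msg): return hmac.new(key, msg, hashlib.sha256).digest()

def scram_keys(password, salt, iters, auth_msg):  # -> base64 (ClientProof, ServerSignature)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    ckey, msg = mac(salted, b"Client Key"), auth_msg.encode()
    proof = bytes(x ^ y for x, y in zip(ckey, mac(hashlib.sha256(ckey).digest(), msg)))
    return b64(proof), b64(mac(mac(salted, b"Server Key"), msg))

class ScramClient:  # hypothetical SASL object; no channel binding, SASLprep or name escaping
    def __init__(self, user, password):
        self.password, self.nonce = password, b64(os.urandom(18))
        self.bare, self.turn, self.server_verified = f"n={user},r={self.nonce}", 0, False
    def step(self, challenge):
        self.turn += 1
        if self.turn == 1:                  # empty "334 " right after AUTH
            return "n,," + self.bare
        attrs = dict(kv.split("=", 1) for kv in challenge.split(","))
        if self.turn == 2:                  # server-first-message
            if not attrs["r"].startswith(self.nonce):
                raise ValueError("server nonce does not extend client nonce")
            final = "c=biws,r=" + attrs["r"]
            salt, auth_msg = base64.b64decode(attrs["s"]), f"{self.bare},{challenge},{final}"
            proof, self.expect_v = scram_keys(self.password, salt, int(attrs["i"]), auth_msg)
            return f"{final},p={proof}"
        if self.turn > 3 or not hmac.compare_digest(attrs.get("v", ""), self.expect_v):
            raise ValueError("ServerSignature missing or wrong")
        self.server_verified = True         # server-final-message arrived in a 334
        return ""                           # empty line finishes the exchange

def smtp_auth(server, sasl):
    """Answer every 334 until 235; return the server replies in order."""
    replies, line = [], "AUTH SCRAM-SHA-256"
    while True:
        replies.append(server(line))
        code, _, text = replies[-1].partition(" ")
        if code == "235" and sasl.server_verified:
            return replies
        if code != "334":                   # also rejects a 235 sent before v= was checked
            raise ValueError("authentication not completed: " + replies[-1])
        line = b64(sasl.step(base64.b64decode(text).decode()).encode())

def fake_server(password, tamper=False):  # constructed in-memory peer (hypothetical), not mox
    salt, st = os.urandom(12), {"n": 0}
    def reply(line):
        st["n"] += 1
        if st["n"] in (1, 4):               # bare AUTH, then the empty final line
            return "334 " if st["n"] == 1 else "235 2.7.0 nice"
        msg = base64.b64decode(line).decode()
        if st["n"] == 2:                    # client-first -> server-first
            first = f"r={msg.split(',r=')[-1]}{b64(os.urandom(9))},s={b64(salt)},i=4096"
            st["auth"] = f"{msg[3:]},{first}"
            return "334 " + b64(first.encode())
        final, proof = msg.rsplit(",p=", 1)  # client-final -> server-final, a third 334
        want, v = scram_keys(password, salt, 4096, f"{st['auth']},{final}")
        v = v[::-1] if tamper else v        # tamper=True forges the ServerSignature
        return "334 " + b64(("v=" + v).encode()) if proof == want else "535 5.7.8 bad credentials"
    return reply
```

Calling `smtp_auth(fake_server("pw"), ScramClient("user@example.org", "pw"))` returns four replies with codes 334, 334, 334, 235, the same framing as the mutt session above; with `tamper=True` the client raises before it sends the empty final line.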

@Neustradamus

Thanks to:

SCRAM is more and more used and replaces old/unsecure CRAM-MD5/DIGEST-MD5.

Commits:
