IMAP how to login with AUTH=LOGIN in console with OpenSSL

authenticationconsoleimapopenssl

I have seen some servers that returns

AUTH=LOGIN

when I request the CAPABILITY of the IMAP server e.g:

1 CAPABILITY

CAPABILITY IMAP4 IMAP4rev1 AUTH=LOGIN AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+

How can I find more information about AUTH=LOGIN and how could I use it to login directly in the console on the server?

I tried googling it, but wasn't successful. And I would like to implement this Login format in my JAVA IMAP client.

Best Answer

LOGIN SASL mechanism is very similar to the PLAIN mechanism, but it takes two steps to authenticate:

CLIENT: AUTH LOGIN
SERVER: VXNlcm5hbWU6
CLIENT: am9l
SERVER: UGFzc3dvcmQ6
CLIENT: bXkgc2VyY3JldA==

Which, after base64 decoding translates to:

CLIENT: AUTH LOGIN
SERVER: Username:
CLIENT: joe
SERVER: Password:
CLIENT: my secret

The specification says that challenges from the server should be User Name and Password, but:

Note: There is at least one widely deployed client which requires that the challenge strings transmitted by the server be "Username:" and "Password:" respectively. For this reason, server implementations MAY send these challenge strings instead of those listed above.

There is no password encryption/hashing involved so you may test both sides quite easilly, for unencrypted communication use netcat for encrypted openssl s_client or openssl s_server.

Note that the example above lacks the used protocol necessities as this part is common to all protocols you may need (SMTP/POP3/IMAP...). The actual communication must still follow the protocol specifications:

IMAP

1 AUTH LOGIN
VXNlcm5hbWU6
am9l
UGFzc3dvcmQ6
bXkgc2VyY3JldA==

SMTP

AUTH LOGIN
334 VXNlcm5hbWU6
am9l
334 UGFzc3dvcmQ6
bXkgc2VyY3JldA==
Related Topic