Joe Perches <joe@xxxxxxxxxxx> writes:
> The current perl Net::SMTP support will not use AUTH LOGIN
> when other authentication options are available.
Even after reading this excuse,...
> + if (defined $smtp_auth && $smtp_auth =~ /^login$/i) {
> +
> + $smtp->datasend("AUTH LOGIN\n");
> + $smtp->response();
> + $smtp->datasend(encode_base64("$smtp_authuser"));
> + $smtp->response();
> + $smtp->datasend(encode_base64("$smtp_authpass"));
> + $smtp->response();
> +
> + } else {
> +
> + $auth ||= $smtp->auth( $smtp_authuser, $smtp_authpass ) or die $smtp->message;
> + }
... this makes me feel dirty X-(. Not the desire to force "AUTH LOGIN",
but the implementation to hand-roll the protocol exchange.
I'd rather want to know _why_ Net::SMTP does not support it in the first
place, and what it does for "other authentication options" that are
available. Does it try them in turn until it finds the one that works? Why
doesn't it fall back on "AUTH LOGIN" then?
Specifically, if there is a reason to avoid this plaintext authentication
method when other options are _available_ (which presumably would be the
reason why Net::SMTP chooses not to support it), and if there is a reason
on the user's side to _force_ this method even when people who wrote
Net::SMTP does not recommend it be used, wouldn't it be natural to expect
that there should be a way to configure the connection to use it, without
resorting to coding the protocol exchange by hand line this?
It probably is not as simple as installing Authen::SASL::*::LOGIN, but
still...
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html