|Subject:||authname problem with Auth::SASL::XS|
I have had the following problem reported by a user of Net::SMTP: "It sends AUTH PLAIN with a base64 encoded string, which once decoded looks like $username$username$password. While we want \000$username\000$password (the \000 might still be there, that's not the problem)." The reporter found that commenting out the following 'authname' line in the Authen::SASL constructor call in Net::SMTP fixed the problem:That line was added with the initial introduction of Authen::SASL support, back in 2002: It seems to be simply setting all (well, nearly all) of the available callbacks that any mechanism might require, presumably so that the selected mechanism is guaranteed to have whatever callbacks it requires set up(?). Why is it that setting authname causes PLAIN to fail? According to it is indeed not necessary to set authname--only user and pass are required--but I don't see why having authname as well should break it. The reporter has a workaround (construct the Authen::SASL object in their own code and pass that to Net::SMTP::auth()), but it would be nice to fix Net::SMTP::auth() for other users. Is the use of 'authname' in Net::SMTP's call to Authen::SASL's constructor wrong, or is this a bug in Authen::SASL? I wonder if this is also related to: which reports the error: Unknown callback: 'authname'. (user|auth|language|pass) at /opt/ActivePerl-5.8/site/lib/Authen/SASL.pm line 75 from Net::SMTP. That ticket notes that only Authen::SASL::XS exhibits the error. Explicitly requesting Authen::SASL::Perl instead makes everything work. I also have another ticket reporting failed authentication (and an infinite loop problem in Net::SMTP, which I have now fixed) using Authen::SASL::XS: Again, there is no problem with Authen::SASL::Perl. So I'm wondering if there is a problem with 'authname' in Authen::SASL::XS?