RFC4616 Implementation Broken?

  • Question

  • According to the Microsoft Exchange Documentation RFC4616 is supported (https://msdn.microsoft.com/en-us/library/ee624826%28v=exchg.80%29.aspx?f=255&MSPPError=-2147217396)

    However I think there is a bug when accessing another mailbox.

    When using clear-text (User/Pass authentication RFC1939) I can access another mailbox onto which I have permissions by sending the username in the format myuser@mydomain\mailbox-to-access.

    When using SASL PLAIN authentication as defined in RFC4616 I send this in the format:
      <NUL>mailbox-to-access<NUL>myuser@mydomain<NUL>my-password

    This never works. Sending just
      <NUL>myuser@mydomain<NUL>my-password
    does work though.

    So how (using PLAIN authentication, which is supposed to be supported) do I connect to another mailbox?

    Wednesday, January 16, 2019 3:53 PM

All replies

  • Hi Ateece,

    Per my personal understanding, it seems it only supports the format "[authzid] UTF8 <NUL> authcid UTF8 <NUL> passwd"; the first [authzid] is different from the second authzid (identity to act as) and cannot be an actual user identity.

     PLAIN SASL Mechanism

       The mechanism consists of a single message, a string of [UTF-8]
       encoded [Unicode] characters, from the client to the server.  The
       client presents the authorization identity (identity to act as),
       followed by a NUL (U+0000) character, followed by the authentication
       identity (identity whose password will be used), followed by a NUL
       (U+0000) character, followed by the clear-text password.  As with
       other SASL mechanisms, the client does not provide an authorization
       identity when it wishes the server to derive an identity from the
       credentials and use that as the authorization identity.

    Moreover, I'll move this thread to the Development forum, as they should have more professional knowledge on this and you may get an effective solution in a timely manner. Thanks for your understanding.


    Best Regards,
    Niko Cheng


    Thursday, January 17, 2019 10:17 AM
    Moderator
  • Niko,

      I'm a little unclear what you're saying. If authzid cannot be another mailbox onto which the authcid has access then what can it be?

      If you are saying that Microsoft Exchange doesn't support this format then surely that means it doesn't support RFC4616 - and either that needs fixing or the documentation should be updated to reflect RFC4616 isn't supported and Exchange should no longer advertise PLAIN in response to a CAPA command as it is misleading to only 1/2 implement an RFC. Certainly this is causing us a lot of headaches in trying to do something that is stated as supported but doesn't work!

    Andrew

    Thursday, January 17, 2019 10:27 AM
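
The RFC 4616 message layout quoted in the thread, as an added example (not code from any poster or from Exchange): it builds and parses `[authzid] NUL authcid NUL passwd` and shows that the grammar allows exactly two NUL separators. The function names are hypothetical, the identities are the placeholders used in the question, SASLprep is not applied, and whether a given server honors a non-empty authzid is not something this code establishes.

```python
"""SASL PLAIN (RFC 4616) message builder and strict parser (added example)."""
import base64

NUL = b"\x00"


def encode_plain(authcid: str, passwd: str, authzid: str = "") -> bytes:
    """Build message = [authzid] NUL authcid NUL passwd, UTF-8 encoded."""
    for name, value in (("authzid", authzid), ("authcid", authcid), ("passwd", passwd)):
        if "\x00" in value:
            raise ValueError(f"{name} must not contain NUL")
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    # An empty authzid yields a leading NUL: the server derives the identity.
    return NUL.join(s.encode("utf-8") for s in (authzid, authcid, passwd))


def parse_plain(message: bytes) -> dict:
    """Split a PLAIN message the way the RFC 4616 grammar requires."""
    parts = message.split(NUL)
    if len(parts) != 3:
        # No field may contain NUL, so any other count is a malformed message.
        raise ValueError(f"expected 2 NUL separators, found {len(parts) - 1}")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return {"authzid": authzid or None, "authcid": authcid, "passwd": passwd}


def to_wire(message: bytes) -> str:
    """Base64 form in which the message travels in a POP3 AUTH exchange."""
    return base64.b64encode(message).decode("ascii")


if __name__ == "__main__":
    # Placeholder identities taken from the question above.
    own = encode_plain("myuser@mydomain", "my-password")
    other = encode_plain("myuser@mydomain", "my-password", authzid="mailbox-to-access")
    print(parse_plain(own))    # authzid is None: act as the authenticated user
    print(parse_plain(other))  # authzid set: request to act as another identity
    print(to_wire(other))
    # Constructed input: leading NUL plus authzid gives three separators.
    try:
        parse_plain(NUL + other)
    except ValueError as exc:
        print("rejected:", exc)
```

A non-empty authzid replaces the leading empty field rather than following it, so a request to act as another identity starts with the authzid itself and still contains only two NULs.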