[Python-Dev] Issue #15014 - SMTP AUTH initial-response (beta exception requested)
Barry Warsaw
barry at python.org
Tue Jul 7 19:52:50 CEST 2015
Larry and others,
I'd like to bring your attention to issue #15014. This issue added arbitrary
auth methods to smtplib, which is a good thing. Implicitly though, a
regression was introduced w.r.t. RFC 4954's optional initial-response for the
AUTH command, for authentication methods that support it.
An example is AUTH PLAIN, which does not require a challenge. It's possible
that SMTP servers are not prepared to handle challenge/responses for
authentication methods that support initial-response, and regressions have
been seen in the wild while testing against Python 3.5. In Python 3.4, AUTH
PLAIN included an initial-response.
After discussion on the issue, RDM and I agreed on a refinement to the
authobject() protocol, such that they would be called first with
challenge=None. If the auth method implemented by the authobject() supports
an initial response, it can return the bytes to be encoded and sent along with
AUTH <METHOD>. If it returns None, then a challenge is required, and the
normal SMTP challenge/response can proceed.
A minor complication is that clients using smtplib might want to force
challenge/response instead of initial-response even for authentication methods
that support the latter. There are various reasons for this, including test
suites (such as Python's own test_smtplib.py).
So I added an optional keyword argument called *initial_response_ok* to
SMTP.auth() and SMTP.login(), with a default value of True. Thus for
authentication methods that support it, smtplib will by default send an
initial-response, but it can easily be overridden. Defaulting to True
restores compatibility with Python 3.4.
Technically, this is a new feature even though it addresses a regression in
Python 3.5. Assuming a positive response by RDM or anybody else who would
like to review the patch, I'd like to get a beta release exemption for the
change.
Patch on the issue includes implementation, test, and docs.
Cheers,
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-dev/attachments/20150707/2ed753db/attachment.sig>
More information about the Python-Dev
mailing list