Kerberos authentication for IMAP?

Alan Hoyle alanh at unc.edu
Sat Jun 7 19:11:29 EDT 2003 

I recently discovered IMAP Spam Begone, a python client script which
accesses IMAP mailboxes, downloads mails, runs them through a local
spam filter, and moves them to a Remote spam folder if appropriate.
http://www.rogerbinns.com/isbg/

The authentication method it uses is standard username/password, and
my local IMAP server doesn't support SSL.  However, it does support
Kerberos 4.

I was wondering if it would be possible to modify the script so that
it could use my Kerberos tokens instead.  I glanced at the
documentation for the python IMAP client library:
   http://www.python.org/doc/current/lib/imap4-objects.html 
and that seems to indicate that the authenticate function won't work.

| authenticate(func) 
|          Authenticate command -- requires response processing. This is
| currently unimplemented, and raises an exception.

However, glancing at the actual source code in my python subdirectory
(/usr/lib/python2.2/imaplib.py), and found the following code snippet:

    def authenticate(self, mechanism, authobject):
        """Authenticate command - requires response processing.

        'mechanism' specifies which authentication mechanism is to
        be used - it must appear in <instance>.capabilities in the
        form AUTH=<mechanism>.

        'authobject' must be a callable object:

                data = authobject(response)

        It will be called to process server continuation responses.
        It should return data that will be encoded and sent to server.
        It should return None if the client abort response '*' should
        be sent instead.
        """
        mech = mechanism.upper()
        cap = 'AUTH=%s' % mech
        if not cap in self.capabilities:
            raise self.error("Server doesn't allow %s authentication." % mech)
        self.literal = _Authenticator(authobject).process
        typ, dat = self._simple_command('AUTHENTICATE', mech)
        if typ != 'OK':
            raise self.error(dat[-1])
        self.state = 'AUTH'
        return typ, dat

Which seems a bit more promising than the how can I set this up to use
my Kerberos tokens or TGT?  I don't want it to generate entirely new
tokens on its own.....

-alan

-- 
    Alan Hoyle  -  alanh at unc.edu  -  http://www.alanhoyle.com/
      "I don't want the world, I just want your half." -TMBG
                 Get Horizontal, Play Ultimate.

More information about the Python-list mailing list