Message 222516 - Python tracker

Message222516

Author	zvyn
Recipients	barry, jesstess, pitrou, r.david.murray, zvyn
Date	2014-07-07.21:00:21
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1404766823.82.0.391401675174.issue21935@psf.upfronthosting.co.za>
In-reply-to

Content
I implemented message processing for LOGIN and PLAIN authentication in smtpd. I also patched test_smtplib to make use of this functionality. The goal for the API is to provide decryption and message processing in the smtpd library and call a externally provided or overwritten function(user, password) to verify credentials. The patch provided is missing documentation and a proper API to use/activate this feature (and API specific tests of cause). Things which need to be discussed: a) how shoud AUTH be activated? (when should MAIL etc. require AUTH? when should 'AUTH' be announced in the EHLO response?) b) how should the programmer change the _verify_user_credentials method? My idea to solve a and b at once would be to set the verification function by a keyword argument and require/activate AUTH if this kwarg is set. I didn't implement CRAM-MD5 because it requires the correct password to be available in plain text.

Content

I implemented message processing for LOGIN and PLAIN authentication in smtpd. I also patched test_smtplib to make use of this functionality.

The goal for the API is to provide decryption and message processing in the smtpd library and call a externally provided or overwritten function(user, password) to verify credentials.

The patch provided is missing documentation and a proper API to use/activate this feature (and API specific tests of cause). Things which need to be discussed:
a) how shoud AUTH be activated? (when should MAIL etc. require AUTH? when should 'AUTH' be announced in the EHLO response?)
b) how should the programmer change the _verify_user_credentials method?

My idea to solve a and b at once would be to set the verification function by a keyword argument and require/activate AUTH if this kwarg is set.

I didn't implement CRAM-MD5 because it requires the correct password to be available in plain text.

History
Date	User	Action	Args
2014-07-07 21:00:24	zvyn	set	recipients: + zvyn, barry, pitrou, r.david.murray, jesstess
2014-07-07 21:00:23	zvyn	set	messageid: <1404766823.82.0.391401675174.issue21935@psf.upfronthosting.co.za>
2014-07-07 21:00:23	zvyn	link	issue21935 messages
2014-07-07 21:00:23	zvyn	create