233106 - plaintext IMAP auth fails after CRAM-MD5 attempt: need a pref to disable secure auth attempt

Status: RESOLVED WORKSFORME

(MailNews Core :: Networking: IMAP, defect)

Description

[Maurizio Avogadro]

User-Agent:       
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.6) Gecko/20040115

It seems that Mozilla mail client's new CRAM-MD5 auth support creates some
problems with some servers (see attached log): after a first attempt with
encrypted authentication the client falls down to a plain authentication which
always fails.
This issue occurs with the IMAP mail server of a major italian access provider:
Telecom Italia Net, the server name is box.tin.it: the server declares CRAM-MD5
capability, but does not authenticate the client.
The same happens also with the v1.6 build 20040113 binary for win32 as
downloaded from mozilla.org ftp.
As far as I can see CRAM-MD5 support is new with v1.6; with Mozilla's v1.5 mail
client the authentication succeeded flawlessly.
What about a checkbox in the account settings allowing to skip the initial
CRAM-MD5 auth attempt (maybe default=disabled just like any other secured auth
setting)?

Reproducible: Always
Steps to Reproduce:
1.connect with any ISP;
2.configure an IMAP account with Telecom Italia Net;
3.try to access the mailbox

Actual Results:  
a box asking for a password appears; login fails; appears a box "Alert - Login
to server box.tin.it failed"; after pressing OK, a box asking for a valid
password appears; after retyping the correct password the client stops any
further attempt silently (is this behaviour as expected?). The contents of the
IMAP folders aren't updated.

Expected Results:  
login successfully, the contents of the folders are updated!

IMAP connection log obtained with the command:

$ export NSPR_LOG_MODULES=IMAP:5; export NSPR_LOG_FILE=~/mozilla-imaplog.log;
/usr/bin/mozilla -mail

mozilla-imaplog.log contents:

81925[8a56130]: ImapThreadMainLoop entering [this=8a4d610]
16384[80ad318]: 8a4d610:box.tin.it:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN
81925[8a56130]: 8a4d610:box.tin.it:NA:ProcessCurrentURL: entering
81925[8a56130]:
8a4d610:box.tin.it:NA:ProcessCurrentURL:imap://[mailboxname]@box.tin.it:143/select%3E/INBOX:
 = currentUrl
81925[8a56130]: ReadNextLine [stream=8a56638 nb=41 needmore=0]
81925[8a56130]: 8a4d610:box.tin.it:NA:CreateNewLineFromSocket: * OK IMAP4 PROXY
server ready (7.0.019)
81925[8a56130]: 8a4d610:box.tin.it:NA:SendData: 1 capability
81925[8a56130]: ReadNextLine [stream=8a56638 nb=108 needmore=0]
81925[8a56130]: 8a4d610:box.tin.it:NA:CreateNewLineFromSocket: * CAPABILITY
IMAP4rev1 UIDPLUS IDLE LOGIN-REFERRALS NAMESPACE QUOTA CHILDREN AUTH=CRAM-MD5
AUTH=DIGEST-MD5
81925[8a56130]: ReadNextLine [stream=8a56638 nb=26 needmore=0]
81925[8a56130]: 8a4d610:box.tin.it:NA:CreateNewLineFromSocket: 1 OK capabilities
listed
81925[8a56130]: 8a4d610:box.tin.it:NA:SendData: 2 authenticate CRAM-MD5
81925[8a56130]: ReadNextLine [stream=8a56638 nb=80 needmore=0]
81925[8a56130]: 8a4d610:box.tin.it:NA:CreateNewLineFromSocket: +
PDE3RTM0NTVEMjc5RDI5REFEMDBDMjBBMDI5RURCQjk3NzUyOUY4RDFAcG9wMS5jcC50aW4uaXQ+
81925[8a56130]: 8a4d610:box.tin.it:NA:SendData:
aWZpbXJvbWEgNGZmZDk1MDVhNGU3ZDUzNGQxNjlkMmMyM2MwYmEzOWQ=
81925[8a56130]: ReadNextLine [stream=8a56638 nb=21 needmore=0]
81925[8a56130]: 8a4d610:box.tin.it:NA:CreateNewLineFromSocket: * BYE disconnecting
81925[8a56130]: 8a4d610:box.tin.it:NA:SendData: Logging suppressed for this
command (it probably contained authentication information)
81925[8a56130]: ReadNextLine [stream=8a56638 nb=29 needmore=0]
81925[8a56130]: 8a4d610:box.tin.it:NA:CreateNewLineFromSocket: 2 NO invalid
proxy password
81925[8a56130]: 8a4d610:box.tin.it:NA:ProcessCurrentURL: aborting queued urls
81925[8a56130]: 8a4d610:box.tin.it:NA:TellThreadToDie: close socket connection
81925[8a56130]: ImapThreadMainLoop leaving [this=8a4d610]

Comment 1

[David :Bienvenu]

we have one - use Secure Authentication. But it only turns off cram-md5 in 1.7,
unfortunately. So, this is fixed in 1.7