[Tutor] Python IMAP library

Sat Oct 16 14:23:01 EDT 2021

On Fri, 15 Oct 2021 21:42:56 +0200, Julius Hamilton
<juliushamilton100 at gmail.com> declaimed the following:

>
>*mechanism* specifies which authentication mechanism is to be used - it
>should appear in the instance variable capabilities in the form
>AUTH=mechanism.
>
>
>When I create an IMAP4() object, I have to edit the capabilities variable
>with “AUTH=mechanism”? What mechanisms are permitted or expected?
>
	You don't "edit the capabilities variable" -- It does not use to ask
for capabilities that the server doesn't support. "capabilities" is
something you retrieve from the server itself and then parse for those you
understand.

	You obtain the list of valid authorization modes from the server. And
method the server returns after "AUTH=" in the capabilities list is an
option you can use.

Reference the RFC for IMAP (pretty much ANY library that works with a
network protocol is going to require you to read the RFC for the
details)... From the source code of imaplib
"""
 Note: to use this module, you must read the RFCs pertaining to the
    IMAP4 protocol, as the semantics of the arguments to each IMAP4
    command are left to the invoker, not to mention the results. Also,
    most IMAP servers implement a sub-set of the commands available here.
"""

https://datatracker.ietf.org/doc/html/rfc3501#section-6.1.1
"""
A capability name which begins with "AUTH=" indicates that the
      server supports that particular authentication mechanism.  All
      such names are, by definition, part of this specification.  For
      example, the authorization capability for an experimental
      "blurdybloop" authenticator would be "AUTH=XBLURDYBLOOP" and not
      "XAUTH=BLURDYBLOOP" or "XAUTH=XBLURDYBLOOP".

<SNIP>

      Client and server implementations MUST implement the STARTTLS,
      LOGINDISABLED, and AUTH=PLAIN (described in [IMAP-TLS])
      capabilities.  See the Security Considerations section for
      important information.
"""

https://docs.python.org/3/library/imaplib.html
"""
IMAP4.login(user, password)

    Identify the client using a plaintext password. The password will be
quoted.

IMAP4.login_cram_md5(user, password)

    Force use of CRAM-MD5 authentication when identifying the client to
protect the password. Will only work if the server CAPABILITY response
includes the phrase AUTH=CRAM-MD5.
"""

	I haven't made sense of the full use of AUTHENTICATE, but it sounds
like it may be needed for more complex schemes beyond the above .login()
and .login_cram_md5(). IOW, you are implementing the client side of the
authentication protocol yourself, with an "object" (since it likely needs
state between calls with each server response, a function is not viable).

-- 
	Wulfraed                 Dennis Lee Bieber         AF6VN
	wlfraed at ix.netcom.com    http://wlfraed.microdiversity.freeddns.org/