Re: CRAM-MD5 Authentication -- leave the previous mail..

2005-12-01 08:05:28


What server are you using?

Based on your input, the logic seems correct.  In other words, I was
able to duplicate the CRAM-MD5 authentication credential string sent to
the server:


So this might be a backend issue.

Here is a C/C++ SMTP client class method for CRAM-MD5 I know works.  I
think it is self-documented.

BOOL CSMTPClient::AuthCRAM(const char *szUser, const char *szPass)
{
    // see d:\rfc\smtp.auth.rfc2554.txt
    //     d:\rfc\cram-md5.rfc2195.txt
    // C: AUTH CRAM-MD5
    // S: 334 base64(challengestring)
    // C: base64(szUser + " "+md5(challengestring,pwd))
    // S: 235 Authentication Successful

    printf("** Authenticating using AUTH CRAM-MD5\n");

    int status;
    char szResponse[1024];
    char szBuffer[1024];
    char szChallenge[1024];
    char szTemp[256];

    status = Sendf("AUTH CRAM-MD5\r\n");
    if (status == -1) return FALSE;

    // expected responses
    // 504 unrecognized method
    // 334 base64(wildcat challenge string)

    // ReadResponse is simply a wrapper around
    // select() and recv()

    status = ReadResponse(szResponse, sizeof(szResponse),TRUE);
    if (status != 334) return FALSE;

    char *p = strchr(szResponse,' ');
    if (!p) return FALSE;


    char hshbuf[2*MD5_DIGEST_SIZE + 1];
    hmac_md5 (szChallenge,strlen(szChallenge),

    if (strchr(szTemp,' ')) MakeDotName(szTemp);

    wsprintf(szBuffer,"%s %s",szTemp,hshbuf);

    status = Sendf("%s\r\n",szResponse);
    if (status == -1) return FALSE;

    status = ReadResponse(szResponse, sizeof(szResponse));

    // expected responses
    // 235 Authentication successful

    if (status != 235) {
        return FALSE;
    }

    return TRUE;
}

Hector Santos, Santronics Software, Inc.

----- Original Message -----
From: "Vijayan" <vijayan(_at_)jataayusoft(_dot_)com>
To: <ietf-smtp(_at_)imc(_dot_)org>
Cc: "Robert A. Rosenberg" <hal9001(_at_)panix(_dot_)com>;
<Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>; "Paul Smith" 
<paul(_at_)pscs(_dot_)co(_dot_)uk>; "Tony Finch"
<dot(_at_)dotat(_dot_)at>; "Frank Ellermann" 
Sent: Thursday, December 01, 2005 7:13 AM
Subject: CRAM-MD5 Authentication -- leave the previous mail..

Hi Friends..  (sorry for the spam)

Now I somehow managed to build my CRAM-MD5 algorithm..
but still am getting failure notice in authentication from the server

Please do spare some minutes for me and consider this sample case:

Username : vijayan@test123
Password : vijayan123

Server's Response for AUTH CRAM-MD5 :
(greeting or secret)

then I made Base64 decode string (Challenge):
<1317016528.9363588@test123>  (last time I sent the wrong buffer)...

then the md5 algorithm formed the digest on this buffer which is
digest = "08efc84630335743ec35966c80b23c5a"

so the full base64 decoded string is : "vijayan(_at_)test123

now I made the base64 encode on this string, which returns

this buffer I sent to server. But the server returns "535 authentication
failed (#5.7.0)"

Please check these sequences and let me know where the error occurred..
Is my algorithm correct..??

if any error where it might be..?

Please help in this..

Hope to get a reply from any of you regarding this issue..

thanks in advance,
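
An added example, not code from either poster: a Python check that recomputes the CRAM-MD5 response for a given challenge and names which common client mistake, if any, produced the string that was sent. Because the base64 strings from this thread did not survive in the archive, it uses the RFC 2195 test vector; the function names `candidates` and `diagnose` are this example's own.

```python
import base64
import hashlib
import hmac

# Test vector from RFC 2195 section 2 (user "tim", shared secret "tanstaaftanstaaf").
RFC_CHALLENGE_B64 = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
RFC_RESPONSE_B64 = "dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw"


def _wire(user: str, hexdigest: str) -> str:
    """base64(user + " " + hexdigest), the line the client sends after the 334."""
    return base64.b64encode(f"{user} {hexdigest}".encode()).decode("ascii")


def candidates(challenge_b64: str, user: str, password: str) -> dict:
    """Return the correct response plus the responses common mistakes produce."""
    raw = base64.b64decode(challenge_b64, validate=True)  # decoded challenge bytes
    b64 = challenge_b64.encode("ascii")                   # challenge as sent on the wire
    key = password.encode()
    good = hmac.new(key, raw, hashlib.md5).hexdigest()    # HMAC-MD5, password is the key
    return {
        "ok": _wire(user, good),
        "uppercase hex digest": _wire(user, good.upper()),
        "challenge not base64-decoded":
            _wire(user, hmac.new(key, b64, hashlib.md5).hexdigest()),
        "key and message swapped":
            _wire(user, hmac.new(raw, key, hashlib.md5).hexdigest()),
        "plain MD5, not HMAC":
            _wire(user, hashlib.md5(raw + key).hexdigest()),
    }


def diagnose(challenge_b64: str, user: str, password: str, sent_b64: str) -> str:
    """Name the variant matching what the client sent, or report no match."""
    sent = sent_b64.strip().encode()
    for label, expected in candidates(challenge_b64, user, password).items():
        # Constant-time comparison, as a server-side verifier would use.
        if hmac.compare_digest(expected.encode(), sent):
            return label
    return "no known variant (check username, password, or stale challenge)"


if __name__ == "__main__":
    print(diagnose(RFC_CHALLENGE_B64, "tim", "tanstaaftanstaaf", RFC_RESPONSE_B64))
```

If `diagnose` reports "ok" for the captured challenge and response but the server still answers 535, the client-side computation is right and the stored credential on the server is the next thing to check.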
