Mail proxy module - http auth - BUG : bad Auth-Method returned

Simon Lécaille slecaille at
Fri Apr 24 12:06:44 MSD 2009

When authenticate mechanism such as apop or cram-md5 are used, the 
Auth-Method header sent to backend mismatch the auth method used.

e.g With cram-md5 mechanism
GET / HTTP/1.0
Host: localhost
Auth-Method: none
Auth-User: login
Auth-Pass: 3874a80406c560adb1c11853c266a44e
Auth-Salt: <2086279695.1240477831 at localhost>
Auth-Protocol: imap
Auth-Login-Attempt: 1

e.g With apop mechanism
GET / HTTP/1.0
Host: localhost
Auth-Method: cram-md5
Auth-User: login
Auth-Pass: password
Auth-Protocol: pop3
Auth-Login-Attempt: 1

Actually the array ngx_mail_auth_http_method[] contained less values 
than it should.
So the index pointed to the wrong string when the auth_method attribute 
is used is several structures.
One occurrence of "plain" was missing.

Here comes the patch :

Index: src/mail/ngx_mail_auth_http_module.c
--- src/mail/ngx_mail_auth_http_module.c
+++ src/mail/ngx_mail_auth_http_module.c
@@ -138,4 +138,5 @@
 static ngx_str_t   ngx_mail_auth_http_method[] = {
+    ngx_string("plain"),

(Logo EmisFr)
/Infogérance, Sécurité et Serveurs, Développements métier et spécifiques/
10 rue Mazagran, 54000 NANCY, France
Tel/Fax.: +33.3 83 32 25 75

More information about the nginx mailing list