Make authentication mechanisms configurable

Added configuration option "auth_mechanisms" to the config file: it is a list of mechanisms that will be tried in the specified order. Author: Andreas Mack <andreas.mack@konsec.com> Signed-off-by: Eygene Ryabinkin <rea@codelabs.ru>
2013-08-07 13:43:51 +02:00
parent 968d5520da
commit e26827c1cb
5 changed files with 183 additions and 80 deletions
--- a/offlineimap.conf
+++ b/offlineimap.conf
@ -361,10 +361,24 @@ remoteuser = username
 # intact, but remote identity changes.
 #
 # Currently this variable is used only for SASL PLAIN authentication
-# mechanism.
+# mechanism, so consider using auth_mechanisms to prioritize PLAIN
+# or even make it the only mechanism to be tried.
 #
 # remote_identity = authzuser

+# Specify which authentication/authorization mechanisms we should try
+# and the order in which OfflineIMAP will try them.  NOTE: any given
+# mechanism will be tried only if it is supported by the remote IMAP
+# server.
+#
+# Due to the technical limitations, if you're specifying GSSAPI
+# as the mechanism to try, it will be tried first, no matter where
+# it was specified in the list.
+#
+# Default value is
+# auth_mechanisms = GSSAPI, CRAM-MD5, PLAIN, LOGIN
+# ranged is from strongest to more weak ones.
+
 ########## Passwords

 # There are six ways to specify the password for the IMAP server: