I use 'AUTH PLAIN <secret>' to login to a POP3 server with a proxy user. I can't use 'pass_()' as I need to supply a admin user and the user to proxy into.

class adminpopserver(poplib.POP3):
    def auth(self, method, secret):
        return self._shortcmd('AUTH %s %s' % (method, secret))

secret = "{user}\0{adminuser}\0{password}".format(
    user=user, 
    adminuser=adminuser, 
    password=password)
secret = secret.encode('base64').strip('\n')

This is basically rfc 5034 support?  Sounds like a good idea.

I'm going to mark this issue as 'easy' because it isn't a whole lot of code, but for anyone who wants to tackle it, know that understanding the RFC and getting it *right* is not necessarily trivial, because: rfc :)

As far as I understood the RFC:

A client should send CAPA and check if there is a SASL tag in the response (e.g. "SASL PLAIN").

===============================
+OK Dovecot ready.
AUTH PLAIN base64_encoded_info
+OK Logged in.
LIST
===============================
I've replace the base64 encoded authentication info with 'base64_encoded_info'

For other authentication mechanisms the response can be longer (it may contain a challenge) and the request may only contain the mechanim.

I don't have a server which supports anything else than AUTH PLAIN, so I could verify/test this.

imaplib has an API for handling that kind of thing.  Maybe we can model the poplib support off of that API.  It would be nice to be consistent, assuming it in fact makes sense for poplib as well.