On Tue, 22 Nov 2005, Roy Giles wrote:
Could someone point me to a definition/description of the current imapd unauthenticated CAPABILITY responses in general and specifically the difference between AUTH=PLAIN and AUTH=LOGIN
The specification for the CAPABILITY response is the IMAP specification (RFC 3501). If you wish to write IMAP software, or otherwise have a formal understanding of what CAPABILITY means, then you must refer to this document (and frequently to various extension documents since capabilities are typically implemented by extension documents).
The AUTH=xxx capabilities define the SASL (RFC 2222, soon to be updated) authentication mechanisms supported by the server. The PLAIN SASL mechanism is described in RFC 2595 (soon to be updated) and is the way to do userid/password authentication in SASL.
The LOGIN SASL mechanism (not to be confused with the LOGIN command) is an earlier, undocumented, long-deprecated mechanism and should not be used. The *only* reason for keeping support around for the LOGIN SASL mechanism is that some broken software does not handle PLAIN properly but can do LOGIN.
AUTH=LOGIN has nothing to do with the LOGIN command, except that the LOGIN command is also long-deprecated and should not be used.
-- Mark -- http://panda.com/mrc Democracy is two wolves and a sheep deciding what to eat for lunch. Liberty is a well-armed sheep contesting the vote. _______________________________________________ Imap-uw mailing list [email protected] https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
