> One possible use might be logging in to subfolders of your
> account. Imagine a login with 'user\0user\0pw' vs. 
> 'user/outbox\0user\0pw'. 

Arrgh, nonsense. This is SMTP, not POP3. I should probably go to
bed before writing more wrong things.

However, I found a good example of a use for the difference between
the authentication id and the authorization id: This could allow an
SMTP server to pass authorization to another server.

Imagine a boundary SMTP server which is contacted by the clients
and knows how to authorize them. Now this SMTP server forwards the
received mail to another server and for some reason it is important
that the other server knows the user which submitted the mail. Now
you might configure the second mail server to know a special user
which is allowed to login as other users.

So now user 'john' sends a mail to the boundary mailserver:
AUTH PLAIN \0john\0mysecretpw.

The boundary mailserver forwards the mail to the second mailserver
and passes along the fact that the mail is by user 'john', but uses
his own username+password for authentication:
AUTH PLAIN john\0boundaryserver\0pwoftheserver

Now this is all rather esoteric stuff with little practical value
but good to know that such hacks are possible (if supported by
the MTA).


Regards
Michael

-- 
      It's an insane world, but i'm proud to be a part of it. -- Bill Hicks
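
The check the second mail server would need for the scheme described in the message above, as an added example that is not part of the original message or of any MTA's code: the response is parsed as authzid NUL authcid NUL password (base64-encoded, as SMTP AUTH sends it on the wire) and a differing authorization id is honoured only for a trusted authentication id. The account table and the PROXY_ALLOWED set are constructed assumptions.

```python
from __future__ import annotations

import base64
import hmac

# Constructed sample data: account names and passwords follow the message above.
PASSWORDS = {"john": "mysecretpw", "boundaryserver": "pwoftheserver"}
# Assumption: only these authentication ids may act on behalf of another user.
PROXY_ALLOWED = {"boundaryserver"}


def encode_plain(authzid: str, authcid: str, password: str) -> str:
    """Build the base64 AUTH PLAIN response a client would send."""
    return base64.b64encode(f"{authzid}\0{authcid}\0{password}".encode()).decode()


def parse_plain(b64_response: str) -> tuple[str, str, str]:
    """Decode an AUTH PLAIN response into (authzid, authcid, password)."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL password")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    if not authcid or not password:
        raise ValueError("empty authentication id or password")
    return authzid, authcid, password


def authorize(b64_response: str) -> str | None:
    """Return the identity the session runs as, or None if rejected."""
    try:
        authzid, authcid, password = parse_plain(b64_response)
    except ValueError:  # also covers bad base64 and bad UTF-8
        return None
    expected = PASSWORDS.get(authcid)
    # Constant-time comparison; unknown users compare against a dummy value.
    ok = hmac.compare_digest(password.encode(), (expected or "\0").encode())
    if expected is None or not ok:
        return None
    if authzid in ("", authcid):
        return authcid  # no separate authorization id requested
    # A different authorization id is honoured only for trusted proxies;
    # otherwise any user with a valid password could act as any other user.
    return authzid if authcid in PROXY_ALLOWED else None
```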
