Hi Could someone explain to me the difference between LOGIN and PLAIN? I've been googling for a while, but haven't found anything. Thanks. Simon
* Simon Brereton <simon.brereton at buongiorno.com>:> Could someone explain to me the difference between LOGIN and PLAIN?In SMTP these are: Both - are plaintext mechanisms. - base64 encode identification data before they send it over the wire - do not encrypt the indentification data and should therefore only be offered over an encrypted transport layer PLAIN - is an open standard supported by most clients - sends identification data as one string - sends an authentication ID, an authorization ID and the password LOGIN - is a proprietary standard supported by Microsofts clients - sends LOGIN, login name, password and optionally the domain name one after another I guess they are basically the same in IMAP, but others will know better. p at rick> I've been googling for a while, but haven't found anything. > > Thanks. > > Simon-- state of mind () http://www.state-of-mind.de Franziskanerstra?e 15 Telefon +49 89 3090 4664 81669 M?nchen Telefax +49 89 3090 4666 Amtsgericht M?nchen Partnerschaftsregister PR 563
On 11/3/2011 9:42 PM, Simon Brereton wrote:> Hi > > Could someone explain to me the difference between LOGIN and PLAIN? > I've been googling for a while, but haven't found anything.The LOGIN SASL mechanism is an obsolete plain text mechanism. It is documented here: http://tools.ietf.org/html/draft-murchison-sasl-login-00 Some clients still support it, but I would not recommend using it when PLAIN or a better SASL mechanism is also available at both ends. The PLAIN mechanism is documented here: http://tools.ietf.org/html/rfc4616 The main technical difference between the two is that the PLAIN mechanism transfers both username and password in a single SASL interaction, where LOGIN needs two. The PLAIN mechanism also provides support for having an authorization id different from the authentication id, allowing for master user login for example. Regards, Stephan.
On Thu, 3 Nov 2011 16:42:40 -0400 Simon Brereton articulated:> Hi > > Could someone explain to me the difference between LOGIN and PLAIN? > I've been googling for a while, but haven't found anything.You could start here for some basic information: http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer http://wiki.dovecot.org/Authentication/Mechanisms -- Jerry ? Dovecot.user at seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________