meli
/
wasm-demo
4
Fork 0
Code Issues Pull Requests Releases Wiki Activity
wasm-demo/demo/ermis-f/imap-protocol/cur/1600095129.23051.mbox:2,S

57 lines
2.2 KiB
Plaintext
Raw Permalink Blame History

MBOX-Line: From davidmaxwaterman at fastmail.co.uk Wed Nov 2 20:26:58 2005
To: imap-protocol@u.washington.edu
From: Max Waterman <davidmaxwaterman@fastmail.co.uk>
Date: Fri Jun 8 12:34:36 2018
Subject: [Imap-protocol] username/password
In-Reply-To: <Pine.OSX.4.64.0511022009390.533@pangtzu.panda.com>
References: <436988D9.8040106@fastmail.co.uk>
<Pine.OSX.4.64.0511022009390.533@pangtzu.panda.com>
Message-ID: <43699192.2040701@fastmail.co.uk>
Thanks for the prompt response and clear explanation.
It seems that the options are :
1) propose a new RFC to split the username/password, which can then be
implemented
2) use a separate servers for secure and insecure users (I suppose a
second NIC would suffice?)
Is that correct?
Max.
Mark Crispin wrote:
> Your question is difficult to answer, because it makes an incorrect
> premise. That premise is that the server "asks" for a password.
>
> The server does not "ask" for a password in IMAP; rather, the client
> chooses to provide one.
>
> The server MAY announce that it refuses passwords on a global basis via
> the LOGINDISABLED capability. Any client which sends a password to a
> server which has announced LOGINDISABLED is non-compliant with the IMAP
> specification and should not be used.
>
> The standard configuration of UW imapd, in accordance with the IMAP
> specification (RFC 3501), makes such an announcement on non-SSL/TLS
> sessions; and in that state will reject any password even if the
> password is correct. In that state, UW imapd allows other means of
> authentication that do not involve passwords. If the session negotiates
> TLS encryption, the UW imapd will retract the LOGINDISABLED announcement
> and allow password authentication.
>
> For other servers, you will need to read the vendor's documentation.
>
> When announced, LOGINDISABLED is a global restriction. It is not
> possible to allow passwords for some users and disallow passwords for
> other users. This is because the user name and password are sent together.
>
> -- Mark --
>
> http://panda.com/mrc
> Democracy is two wolves and a sheep deciding what to eat for lunch.
> Liberty is a well-armed sheep contesting the vote.
Reference in New Issue View Git Blame Copy Permalink