On Tue, 30 Dec 2003, Paul Jarc wrote:
> I'd like to skip TLS support - at least for now - and I'd like to make
> it as clear as possible to clients that the server is anonymous-only.
> How about this: CAPABILITY IMAP4rev1 AUTH=ANONYMOUS LOGINDISABLED
> Would clients be prepared for that?
That capability string is fine for an anonymous-only server. My client
code would handle that OK, but you'd have to configure it to use anonymous
access since otherwise it'd want to do a non-anonymous authentication (and
complain that it can't).
Another possibility is
CAPABILITY IMAP4REV1 AUTH=ANONYMOUS and allow the LOGIN command
with the only valid userid being "anonymous" with any password. That way,
you don't have to worry about whether or not the client requires
configuration; if the client prompts the user for a userid and password
the user can simply use userid anonymous.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
