On Tue, 30 Dec 2003, Paul Jarc wrote: > I'd like to skip TLS support - at least for now - and I'd like to make > it as clear as possible to clients that the server is anonymous-only. > How about this: CAPABILITY IMAP4rev1 AUTH=ANONYMOUS LOGINDISABLED > Would clients be prepared for that?
That capability string is fine for an anonymous-only server. My client code would handle that OK, but you'd have to configure it to use anonymous access since otherwise it'd want to do a non-anonymous authentication (and complain that it can't). Another possibility is CAPABILITY IMAP4REV1 AUTH=ANONYMOUS and allow the LOGIN command with the only valid userid being "anonymous" with any password. That way, you don't have to worry about whether or not the client requires configuration; if the client prompts the user for a userid and password the user can simply use userid anonymous. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum.