At 5:43 PM -0500 2/3/03, II Alan W. Rateliff wrote:

> RFC 3206 provides an unambiguous means for POP3 servers to inform
> clients if an error response is due to a credentials problem or
> something else, allowing clients to not assume a password error is
> the cause of all errors during authentication.  I'm not sure how many
> clients and servers support it yet, but recent versions of Qpopper do.
>
> Outlook/Express has a habit of asking for a different username and password
> initially, regardless of the actual error.  I believe this was intended to
> provide the user with the opportunity to use a different username, but I
> don't fully see the reasoning.
>
> Only after failing to authenticate a POP session a couple or few times does
> it actually give the verbose response from the mailserver.

The idea of the extended POP response codes in general, and specific ones such as [SYS] and [AUTH], is to allow the server to clearly indicate to the client the nature of the error. So, if a user tries to authenticate while a session is currently active, RFC 2449 provides the [IN-USE] response code. When the client sees "-NO [IN-USE]" it knows that the user has another session active. It can silently retry later, it can present a localized explanatory message, or whatever else makes sense.

In case of an actual credential-related error, RFC 3206 provides the [AUTH] response code. If some resource is temporarily unavailable, RFC 3206 provides the [SYS/TEMP] code. Etc.

So asking for a different username and password, without paying any attention to the response code, doesn't make a lot of sense to me.

--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly-selected tag: ---------------
Citizens for corrupt government, unclean water, higher taxes,
unsafe streets, and poor schools.
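
The client-side handling discussed in this message, as an added example that is not part of the original post or of any mail client's code: it parses a POP3 error line using the `-ERR` status indicator from RFC 1939 and the bracketed codes from RFC 2449 and RFC 3206, and only asks for new credentials when the server says the credentials were the problem. The action names and the sample lines are constructed for illustration.

```python
import re

# "-ERR", optionally "[CODE]", then free text (response codes: RFC 2449).
_ERR_RE = re.compile(r"^-ERR\b(?:\s+\[([^\]\s]+)\])?\s*(.*)$", re.IGNORECASE)


def parse_err(line):
    """Return (code, text) for a -ERR line; code is upper-cased, or None."""
    m = _ERR_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not a POP3 -ERR response")
    code = m.group(1).upper() if m.group(1) else None
    return code, m.group(2)


def next_action(line, auth_resp_code=False):
    """Decide what to do after a failed USER/PASS, APOP or AUTH exchange.

    auth_resp_code: True if the server listed AUTH-RESP-CODE in CAPA, i.e.
    it promises [AUTH] on every credential failure (RFC 3206).
    Returned action names are hypothetical labels for this example.
    """
    code, _text = parse_err(line)
    # Codes are hierarchical: an unknown sub-code falls back to its top level.
    top = code.split("/")[0] if code else None
    if top == "AUTH":
        return "prompt-credentials"      # the password really was rejected
    if top in ("IN-USE", "LOGIN-DELAY"):
        return "retry-later"             # maildrop busy or login too soon
    if code == "SYS/TEMP":
        return "retry-later"             # transient server-side failure
    if top == "SYS":
        return "show-server-error"       # SYS/PERM or an unknown SYS sub-code
    if auth_resp_code:
        # Server would have said [AUTH]; do not ask the user to retype.
        return "show-server-error"
    return "ambiguous"                   # legacy server: cause is unknown


if __name__ == "__main__":
    # Constructed sample responses.
    for sample in ("-ERR [AUTH] Invalid password",
                   "-ERR [IN-USE] Do you have another POP session running?",
                   "-ERR [SYS/TEMP] Unable to open spool",
                   "-ERR mailbox locked"):
        print(sample, "->", next_action(sample, auth_resp_code=True))
```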
