IMAP extension for SASL additional information
Does IMAP support SASL authentication where the server returns additional
information together with success? As far as I can tell from section
6.2.2 of RFC 3501 it does not, but I may be missing something.
Is there interest in an extension, say "SASL-AD", to provide this
capability?
It could work like this:
C: . CAPABILITY
S: * CAPABILITY SASL-AD
C: . AUTHENTICATE SCRAM-SHA-1 - SASL-AD
S: +
C: client-first-b64-string
S: + server-first-b64-string
C: client-final-b64-string
S: . OK [SASL-AD server-final-b64-string]
When used together with SASL-IR, an exchange could look like:
C: . CAPABILITY
S: * CAPABILITY SASL-IR SASL-AD
C: . AUTHENTICATE SCRAM-SHA-1 client-first-b64-string SASL-AD
S: + server-first-b64-string
C: client-final-b64-string
S: . OK [SASL-AD server-final-b64-string]
Using "-" allows clients to avoid sending a client-first even if the
server announces support for SASL-IR, thus enabling:
C: . CAPABILITY
S: * CAPABILITY SASL-IR SASL-AD
C: . AUTHENTICATE SCRAM-SHA-1 - SASL-AD
S: +
C: client-first-b64-string
S: + server-first-b64-string
C: client-final-b64-string
S: . OK [SASL-AD server-final-b64-string]
/Simon
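
Added example, not part of the original message: in SCRAM the server-final message carries the server signature, so a client receiving it in the tagged OK has to verify it before treating the server as authenticated. The sketch below parses the `[SASL-AD ...]` response code exactly as written in the post (a proposed syntax, not a standard) and checks it against the RFC 5802 SCRAM-SHA-1 test vector; the function names and sample lines are constructed for illustration.

```python
import base64, hashlib, hmac, re

# RFC 5802 section 5 SCRAM-SHA-1 test vector (user "user", password "pencil").
PASSWORD = b"pencil"
CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
CLIENT_FINAL_NO_PROOF = "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"

# Response-code syntax as sketched in the post; SASL-AD is a proposal (assumption).
OK_RE = re.compile(r"^(\S+) OK \[SASL-AD ([A-Za-z0-9+/]+={0,2})\]")

def expected_server_final():
    """Compute the 'v=<ServerSignature>' message the genuine server must send."""
    attrs = dict(a.split("=", 1) for a in SERVER_FIRST.split(","))
    salted = hashlib.pbkdf2_hmac("sha1", PASSWORD,
                                 base64.b64decode(attrs["s"]), int(attrs["i"]))
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    auth_message = ",".join([CLIENT_FIRST_BARE, SERVER_FIRST, CLIENT_FINAL_NO_PROOF])
    sig = hmac.new(server_key, auth_message.encode(), hashlib.sha1).digest()
    return "v=" + base64.b64encode(sig).decode()

def check_tagged_ok(line, tag="."):
    """Return True only if the tagged OK carries a valid SCRAM server-final."""
    m = OK_RE.match(line)
    if not m or m.group(1) != tag:
        return False  # no SASL-AD data: the server never proved knowledge of the key
    try:
        server_final = base64.b64decode(m.group(2), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    # An "e=..." server-error or a wrong signature both fail this comparison.
    return hmac.compare_digest(server_final, expected_server_final().encode())

def sample_ok_line(server_final):
    """Build a constructed '. OK [SASL-AD ...]' line for the demo."""
    return ". OK [SASL-AD %s]" % base64.b64encode(server_final.encode()).decode()

if __name__ == "__main__":
    print(check_tagged_ok(sample_ok_line(expected_server_final())))  # valid signature
    print(check_tagged_ok(". OK AUTHENTICATE completed"))  # OK without SASL-AD data
```

A client that accepts a bare tagged OK after a SCRAM exchange has authenticated itself to the server but not the reverse, which is why the check fails closed when the response code is absent.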