[Dovecot] Difference between LOGIN and PLAIN
Simon Brereton
simon.brereton at buongiorno.com
Thu Nov 3 23:28:28 EET 2011
On 3 November 2011 17:01, Stephan Bosch <stephan at rename-it.nl> wrote:
> On 11/3/2011 9:42 PM, Simon Brereton wrote:
>>
>> Hi
>>
>> Could someone explain to me the difference between LOGIN and PLAIN?
>> I've been googling for a while, but haven't found anything.
>
> The LOGIN SASL mechanism is an obsolete plain text mechanism. It is
> documented here:
>
> http://tools.ietf.org/html/draft-murchison-sasl-login-00
>
> Some clients still support it, but I would not recommend using it when PLAIN
> or a better SASL mechanism is also available at both ends. The PLAIN
> mechanism is documented here:
>
> http://tools.ietf.org/html/rfc4616
>
> The main technical difference between the two is that the PLAIN mechanism
> transfers both username and password in a single SASL interaction, where
> LOGIN needs two. The PLAIN mechanism also provides support for having an
> authorization id different from the authentication id, allowing for master
> user login for example.
Thanks to both of you. Can I bet that Outlook doesn't support
anything but plain?
I'm not sure I've ever heard of a client supporting other than
Evolution supporting MD5 passwords..
Simon
More information about the dovecot
mailing list