[Dovecot] Difference between LOGIN and PLAIN
Hi
Could someone explain to me the difference between LOGIN and PLAIN? I've been googling for a while, but haven't found anything.
Thanks.
Simon
- Simon Brereton <simon.brereton@buongiorno.com>:
Could someone explain to me the difference between LOGIN and PLAIN?
In SMTP these are:
Both
- are plaintext mechanisms.
- base64 encode identification data before they send it over the wire
- do not encrypt the indentification data and should therefore only be offered over an encrypted transport layer
PLAIN
- is an open standard supported by most clients
- sends identification data as one string
- sends an authentication ID, an authorization ID and the password
LOGIN
- is a proprietary standard supported by Microsofts clients
- sends LOGIN, login name, password and optionally the domain name one after another
I guess they are basically the same in IMAP, but others will know better.
p@rick
-- state of mind ()
Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563
On 11/3/2011 9:42 PM, Simon Brereton wrote:
The LOGIN SASL mechanism is an obsolete plain text mechanism. It is documented here:
http://tools.ietf.org/html/draft-murchison-sasl-login-00
Some clients still support it, but I would not recommend using it when PLAIN or a better SASL mechanism is also available at both ends. The PLAIN mechanism is documented here:
http://tools.ietf.org/html/rfc4616
The main technical difference between the two is that the PLAIN mechanism transfers both username and password in a single SASL interaction, where LOGIN needs two. The PLAIN mechanism also provides support for having an authorization id different from the authentication id, allowing for master user login for example.
Regards,
Stephan.
- Simon Brereton <simon.brereton@buongiorno.com>:
Outlook > 2007 LOGIN, NTLM Outlook 2010 > LOGIN, NTLM2, DIGEST-MD5
I'm not sure I've ever heard of a client supporting other than Evolution supporting MD5 passwords..
Two come to mind: mutt, Thunderbird However DIGEST-MD5 has been marked deprecated this summer.
p@rick
-- state of mind ()
Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563
On Thu, 3 Nov 2011 16:42:40 -0400 Simon Brereton articulated:
You could start here for some basic information:
http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
http://wiki.dovecot.org/Authentication/Mechanisms
-- Jerry ✌ Dovecot.user@seibercom.net
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
participants (4)
-
Jerry
-
Patrick Ben Koetter
-
Simon Brereton
-
Stephan Bosch