On 06/19/12 16:08 +0800, ctosgh wrote:
Greetings, As the doc said "This function starts an authentication session. It takes a list of possible mechanisms (usually gotten from the server through a capability command) and chooses the "best" mechanism to try. Upon success clientout points at data to send to the server" I am confused by "usually gotten from the server through a capability command". What does it exactly mean?
An imap client parses the capability string returned by the server, such as:

* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=NTLM AUTH=CRAM-MD5 SASL-IR] quark Cyrus IMAP x.y.z server ready

It's the calling application's responsibility to know how to obtain the list (as defined by the protocol spec). The imtest utility provides an example.
Let's take an LDAP client as an example: is there a real LDAP operation sent to the server over the network to get the list of mechanisms supported by the server if this function is called?
An attribute in the root DSE provides the list of server supported mechanisms (RFC 2251):

~$ ldapsearch -LLL -x -H ldap://ldap.example.net -s "base" -b "" supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: OTP
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: CRAM-MD5

--
Dan White
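The step both replies describe, turning what the server advertised into the space-separated mechanism list the application hands to the SASL library, as an added example that is not part of the original message or of Cyrus SASL. The helper name collect_mechs() is hypothetical; the two sample inputs are the IMAP greeting and the root DSE output quoted above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Sample inputs copied from the thread above. */
static const char IMAP_GREETING[] =
    "* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE LOGINDISABLED AUTH=GSSAPI "
    "AUTH=DIGEST-MD5 AUTH=NTLM AUTH=CRAM-MD5 SASL-IR] quark Cyrus IMAP x.y.z "
    "server ready\r\n";
static const char ROOT_DSE[] =
    "dn:\nsupportedSASLMechanisms: LOGIN\nsupportedSASLMechanisms: DIGEST-MD5\n"
    "supportedSASLMechanisms: NTLM\nsupportedSASLMechanisms: GSSAPI\n"
    "supportedSASLMechanisms: OTP\nsupportedSASLMechanisms: PLAIN\n"
    "supportedSASLMechanisms: ANONYMOUS\nsupportedSASLMechanisms: CRAM-MD5\n";
/* Hypothetical helper (not a Cyrus SASL function): gather every token after
 * `prefix` into `out`, space-separated. Returns the count, or -1 if too small. */
static int collect_mechs(const char *text, const char *prefix,
                         char *out, size_t outlen)
{
    size_t plen = strlen(prefix), used = 0;
    int count = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    for (const char *p = text; *p; p++) {
        /* Match only at a token boundary so "XAUTH=FOO" is ignored. */
        if (p != text && !isspace((unsigned char)p[-1]) && p[-1] != '[')
            continue;
        if (strncasecmp(p, prefix, plen) != 0) continue;
        const char *m = p + plen;
        size_t n = strcspn(m, " \t\r\n]");     /* mechanism name length */
        if (n == 0) continue;
        if (used + n + 2 > outlen) return -1;  /* separator + name + NUL */
        if (count++) out[used++] = ' ';
        memcpy(out + used, m, n);
        out[used += n] = '\0';
        p = m + n - 1;                         /* resume after this token */
    }
    return count;
}

int main(void)
{
    char list[128];
    if (collect_mechs(IMAP_GREETING, "AUTH=", list, sizeof list) > 0)
        printf("IMAP mechlist: %s\n", list);
    if (collect_mechs(ROOT_DSE, "supportedSASLMechanisms: ", list, sizeof list) > 0)
        printf("LDAP mechlist: %s\n", list);
    return 0;
}
```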