rev |
line source |
yuuji@0
|
1
|
yuuji@0
|
2
|
yuuji@0
|
3
|
yuuji@0
|
4
|
yuuji@0
|
5
|
yuuji@0
|
6
|
yuuji@0
|
7 Network Working Group M. Gahrns
|
yuuji@0
|
8 Request for Comments: 2221 Microsoft
|
yuuji@0
|
9 Category: Standards Track October 1997
|
yuuji@0
|
10
|
yuuji@0
|
11
|
yuuji@0
|
12 IMAP4 Login Referrals
|
yuuji@0
|
13
|
yuuji@0
|
14 Status of this Memo
|
yuuji@0
|
15
|
yuuji@0
|
16 This document specifies an Internet standards track protocol for the
|
yuuji@0
|
17 Internet community, and requests discussion and suggestions for
|
yuuji@0
|
18 improvements. Please refer to the current edition of the "Internet
|
yuuji@0
|
19 Official Protocol Standards" (STD 1) for the standardization state
|
yuuji@0
|
20 and status of this protocol. Distribution of this memo is unlimited.
|
yuuji@0
|
21
|
yuuji@0
|
22 Copyright Notice
|
yuuji@0
|
23
|
yuuji@0
|
24 Copyright (C) The Internet Society (1997). All Rights Reserved.
|
yuuji@0
|
25
|
yuuji@0
|
26 1. Abstract
|
yuuji@0
|
27
|
yuuji@0
|
28 When dealing with large amounts of users and many IMAP4 [RFC-2060]
|
yuuji@0
|
29 servers, it is often necessary to move users from one IMAP4 server to
|
yuuji@0
|
30 another. For example, hardware failures or organizational changes
|
yuuji@0
|
31 may dictate such a move.
|
yuuji@0
|
32
|
yuuji@0
|
33 Login referrals allow clients to transparently connect to an
|
yuuji@0
|
34 alternate IMAP4 server, if their home IMAP4 server has changed.
|
yuuji@0
|
35
|
yuuji@0
|
36 A referral mechanism can provide efficiencies over the alternative
|
yuuji@0
|
37 'proxy method', in which the local IMAP4 server contacts the remote
|
yuuji@0
|
38 server on behalf of the client, and then transfers the data from the
|
yuuji@0
|
39 remote server to itself, and then on to the client. The referral
|
yuuji@0
|
40 mechanism's direct client connection to the remote server is often a
|
yuuji@0
|
41 more efficient use of bandwidth, and does not require the local
|
yuuji@0
|
42 server to impersonate the client when authenticating to the remote
|
yuuji@0
|
43 server.
|
yuuji@0
|
44
|
yuuji@0
|
45 2. Conventions used in this document
|
yuuji@0
|
46
|
yuuji@0
|
47 In examples, "C:" and "S:" indicate lines sent by the client and
|
yuuji@0
|
48 server respectively.
|
yuuji@0
|
49
|
yuuji@0
|
50 A home server, is an IMAP4 server that contains the user's inbox.
|
yuuji@0
|
51
|
yuuji@0
|
52 A remote server is a server that contains remote mailboxes.
|
yuuji@0
|
53
|
yuuji@0
|
54
|
yuuji@0
|
55
|
yuuji@0
|
56
|
yuuji@0
|
57
|
yuuji@0
|
58 Gahrns Standards Track [Page 1]
|
yuuji@0
|
59
|
yuuji@0
|
60 RFC 2221 IMAP4 Login Referrals October 1997
|
yuuji@0
|
61
|
yuuji@0
|
62
|
yuuji@0
|
63 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
|
yuuji@0
|
64 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
yuuji@0
|
65 document are to be interpreted as described in [RFC-2119].
|
yuuji@0
|
66
|
yuuji@0
|
67 3. Introduction and Overview
|
yuuji@0
|
68
|
yuuji@0
|
69 IMAP4 servers that support this extension MUST list the keyword
|
yuuji@0
|
70 LOGIN-REFERRALS in their CAPABILITY response. No client action is
|
yuuji@0
|
71 needed to invoke the LOGIN-REFERRALS capability in a server.
|
yuuji@0
|
72
|
yuuji@0
|
73 A LOGIN-REFERRALS capable IMAP4 server SHOULD NOT return a referral
|
yuuji@0
|
74 to a server that will return a referral. A client MUST NOT follow
|
yuuji@0
|
75 more than 10 levels of referral without consulting the user.
|
yuuji@0
|
76
|
yuuji@0
|
77 A LOGIN-REFERRALS response code MUST contain as an argument a valid
|
yuuji@0
|
78 IMAP server URL as defined in [IMAP-URL].
|
yuuji@0
|
79
|
yuuji@0
|
80 A home server referral consists of either a tagged NO or OK, or an
|
yuuji@0
|
81 untagged BYE response that contains a LOGIN-REFERRALS response code.
|
yuuji@0
|
82
|
yuuji@0
|
83 Example: A001 NO [REFERRAL IMAP://user;AUTH=*@SERVER2/] Remote Server
|
yuuji@0
|
84
|
yuuji@0
|
85 NOTE: user;AUTH=* is specified as required by [IMAP-URL] to avoid a
|
yuuji@0
|
86 client falling back to anonymous login.
|
yuuji@0
|
87
|
yuuji@0
|
88 4. Home Server Referrals
|
yuuji@0
|
89
|
yuuji@0
|
90 A home server referral may be returned in response to an AUTHENTICATE
|
yuuji@0
|
91 or LOGIN command, or it may appear in the connection startup banner.
|
yuuji@0
|
92 If a server returns a home server referral in a tagged NO response,
|
yuuji@0
|
93 that server does not contain any mailboxes that are accessible to the
|
yuuji@0
|
94 user. If a server returns a home server referral in a tagged OK
|
yuuji@0
|
95 response, it indicates that the user's personal mailboxes are
|
yuuji@0
|
96 elsewhere, but the server contains public mailboxes which are
|
yuuji@0
|
97 readable by the user. After receiving a home server referral, the
|
yuuji@0
|
98 client can not make any assumptions as to whether this was a
|
yuuji@0
|
99 permanent or temporary move of the user.
|
yuuji@0
|
100
|
yuuji@0
|
101 4.1. LOGIN and AUTHENTICATE Referrals
|
yuuji@0
|
102
|
yuuji@0
|
103 An IMAP4 server MAY respond to a LOGIN or AUTHENTICATE command with a
|
yuuji@0
|
104 home server referral if it wishes to direct the user to another IMAP4
|
yuuji@0
|
105 server.
|
yuuji@0
|
106
|
yuuji@0
|
107 Example: C: A001 LOGIN MIKE PASSWORD
|
yuuji@0
|
108 S: A001 NO [REFERRAL IMAP://MIKE@SERVER2/] Specified user
|
yuuji@0
|
109 is invalid on this server. Try SERVER2.
|
yuuji@0
|
110
|
yuuji@0
|
111
|
yuuji@0
|
112
|
yuuji@0
|
113
|
yuuji@0
|
114 Gahrns Standards Track [Page 2]
|
yuuji@0
|
115
|
yuuji@0
|
116 RFC 2221 IMAP4 Login Referrals October 1997
|
yuuji@0
|
117
|
yuuji@0
|
118
|
yuuji@0
|
119 Example: C: A001 LOGIN MATTHEW PASSWORD
|
yuuji@0
|
120 S: A001 OK [REFERRAL IMAP://MATTHEW@SERVER2/] Specified
|
yuuji@0
|
121 user's personal mailboxes located on Server2, but
|
yuuji@0
|
122 public mailboxes are available.
|
yuuji@0
|
123
|
yuuji@0
|
124 Example: C: A001 AUTHENTICATE GSSAPI
|
yuuji@0
|
125 <authentication exchange>
|
yuuji@0
|
126 S: A001 NO [REFERRAL IMAP://user;AUTH=GSSAPI@SERVER2/]
|
yuuji@0
|
127 Specified user is invalid on this server. Try
|
yuuji@0
|
128 SERVER2.
|
yuuji@0
|
129
|
yuuji@0
|
130 4.2. BYE at connection startup referral
|
yuuji@0
|
131
|
yuuji@0
|
132 An IMAP4 server MAY respond with an untagged BYE and a REFERRAL
|
yuuji@0
|
133 response code that contains an IMAP URL to a home server if it is not
|
yuuji@0
|
134 willing to accept connections and wishes to direct the client to
|
yuuji@0
|
135 another IMAP4 server.
|
yuuji@0
|
136
|
yuuji@0
|
137 Example: S: * BYE [REFERRAL IMAP://user;AUTH=*@SERVER2/] Server not
|
yuuji@0
|
138 accepting connections. Try SERVER2
|
yuuji@0
|
139
|
yuuji@0
|
140 5. Formal Syntax
|
yuuji@0
|
141
|
yuuji@0
|
142 The following syntax specification uses the augmented Backus-Naur
|
yuuji@0
|
143 Form (BNF) as described in [ABNF].
|
yuuji@0
|
144
|
yuuji@0
|
145 This amends the "resp_text_code" element of the IMAP4 grammar
|
yuuji@0
|
146 described in [RFC-2060]
|
yuuji@0
|
147
|
yuuji@0
|
148 resp_text_code =/ "REFERRAL" SPACE <imapurl>
|
yuuji@0
|
149 ; See [IMAP-URL] for definition of <imapurl>
|
yuuji@0
|
150 ; See [RFC-2060] for base definition of resp_text_code
|
yuuji@0
|
151
|
yuuji@0
|
152 6. Security Considerations
|
yuuji@0
|
153
|
yuuji@0
|
154 The IMAP4 login referral mechanism makes use of IMAP URLs, and as
|
yuuji@0
|
155 such, have the same security considerations as general internet URLs
|
yuuji@0
|
156 [RFC-1738], and in particular IMAP URLs [IMAP-URL].
|
yuuji@0
|
157
|
yuuji@0
|
158 A server MUST NOT give a login referral if authentication for that
|
yuuji@0
|
159 user fails. This is to avoid revealing information about the user's
|
yuuji@0
|
160 account to an unauthorized user.
|
yuuji@0
|
161
|
yuuji@0
|
162 With the LOGIN-REFERRALS capability, it is potentially easier to
|
yuuji@0
|
163 write a rogue 'password catching' server that collects login data and
|
yuuji@0
|
164 then refers the client to their actual IMAP4 server. Although
|
yuuji@0
|
165 referrals reduce the effort to write such a server, the referral
|
yuuji@0
|
166 response makes detection of the intrusion easier.
|
yuuji@0
|
167
|
yuuji@0
|
168
|
yuuji@0
|
169
|
yuuji@0
|
170 Gahrns Standards Track [Page 3]
|
yuuji@0
|
171
|
yuuji@0
|
172 RFC 2221 IMAP4 Login Referrals October 1997
|
yuuji@0
|
173
|
yuuji@0
|
174
|
yuuji@0
|
175 7. References
|
yuuji@0
|
176
|
yuuji@0
|
177 [RFC-2060], Crispin, M., "Internet Message Access Protocol - Version
|
yuuji@0
|
178 4rev1", RFC 2060, December 1996.
|
yuuji@0
|
179
|
yuuji@0
|
180 [IMAP-URL], Newman, C., "IMAP URL Scheme", RFC 2192, Innosoft,
|
yuuji@0
|
181 September 1997.
|
yuuji@0
|
182
|
yuuji@0
|
183 [RFC-1738], Berners-Lee, T., Masinter, L. and M. McCahill, "Uniform
|
yuuji@0
|
184 Resource Locators (URL)", RFC 1738, December 1994.
|
yuuji@0
|
185
|
yuuji@0
|
186 [RFC-2119], Bradner, S., "Key words for use in RFCs to Indicate
|
yuuji@0
|
187 Requirement Levels", RFC 2119, March 1997.
|
yuuji@0
|
188
|
yuuji@0
|
189 [ABNF], DRUMS working group, Dave Crocker Editor, "Augmented BNF for
|
yuuji@0
|
190 Syntax Specifications: ABNF", Work in Progress.
|
yuuji@0
|
191
|
yuuji@0
|
192 8. Acknowledgments
|
yuuji@0
|
193
|
yuuji@0
|
194 Many valuable suggestions were received from private discussions and
|
yuuji@0
|
195 the IMAP4 mailing list. In particular, Raymond Cheng, Mark Crispin,
|
yuuji@0
|
196 Mark Keasling Chris Newman and Larry Osterman made significant
|
yuuji@0
|
197 contributions to this document.
|
yuuji@0
|
198
|
yuuji@0
|
199 9. Author's Address
|
yuuji@0
|
200
|
yuuji@0
|
201 Mike Gahrns
|
yuuji@0
|
202 Microsoft
|
yuuji@0
|
203 One Microsoft Way
|
yuuji@0
|
204 Redmond, WA, 98072
|
yuuji@0
|
205
|
yuuji@0
|
206 Phone: (206) 936-9833
|
yuuji@0
|
207 EMail: mikega@microsoft.com
|
yuuji@0
|
208
|
yuuji@0
|
209
|
yuuji@0
|
210
|
yuuji@0
|
211
|
yuuji@0
|
212
|
yuuji@0
|
213
|
yuuji@0
|
214
|
yuuji@0
|
215
|
yuuji@0
|
216
|
yuuji@0
|
217
|
yuuji@0
|
218
|
yuuji@0
|
219
|
yuuji@0
|
220
|
yuuji@0
|
221
|
yuuji@0
|
222
|
yuuji@0
|
223
|
yuuji@0
|
224
|
yuuji@0
|
225
|
yuuji@0
|
226 Gahrns Standards Track [Page 4]
|
yuuji@0
|
227
|
yuuji@0
|
228 RFC 2221 IMAP4 Login Referrals October 1997
|
yuuji@0
|
229
|
yuuji@0
|
230
|
yuuji@0
|
231 10. Full Copyright Statement
|
yuuji@0
|
232
|
yuuji@0
|
233 Copyright (C) The Internet Society (1997). All Rights Reserved.
|
yuuji@0
|
234
|
yuuji@0
|
235 This document and translations of it may be copied and furnished to
|
yuuji@0
|
236 others, and derivative works that comment on or otherwise explain it
|
yuuji@0
|
237 or assist in its implmentation may be prepared, copied, published
|
yuuji@0
|
238 andand distributed, in whole or in part, without restriction of any
|
yuuji@0
|
239 kind, provided that the above copyright notice and this paragraph are
|
yuuji@0
|
240 included on all such copies and derivative works. However, this
|
yuuji@0
|
241 document itself may not be modified in any way, such as by removing
|
yuuji@0
|
242 the copyright notice or references to the Internet Society or other
|
yuuji@0
|
243 Internet organizations, except as needed for the purpose of
|
yuuji@0
|
244 developing Internet standards in which case the procedures for
|
yuuji@0
|
245 copyrights defined in the Internet Standards process must be
|
yuuji@0
|
246 followed, or as required to translate it into languages other than
|
yuuji@0
|
247 English.
|
yuuji@0
|
248
|
yuuji@0
|
249 The limited permissions granted above are perpetual and will not be
|
yuuji@0
|
250 revoked by the Internet Society or its successors or assigns.
|
yuuji@0
|
251
|
yuuji@0
|
252 This document and the information contained herein is provided on an
|
yuuji@0
|
253 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
yuuji@0
|
254 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
yuuji@0
|
255 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
yuuji@0
|
256 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
yuuji@0
|
257 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
|
yuuji@0
|
258
|
yuuji@0
|
259
|
yuuji@0
|
260
|
yuuji@0
|
261
|
yuuji@0
|
262
|
yuuji@0
|
263
|
yuuji@0
|
264
|
yuuji@0
|
265
|
yuuji@0
|
266
|
yuuji@0
|
267
|
yuuji@0
|
268
|
yuuji@0
|
269
|
yuuji@0
|
270
|
yuuji@0
|
271
|
yuuji@0
|
272
|
yuuji@0
|
273
|
yuuji@0
|
274
|
yuuji@0
|
275
|
yuuji@0
|
276
|
yuuji@0
|
277
|
yuuji@0
|
278
|
yuuji@0
|
279
|
yuuji@0
|
280
|
yuuji@0
|
281
|
yuuji@0
|
282 Gahrns Standards Track [Page 5]
|
yuuji@0
|
283
|