class Net::IMAP::SASL::PlainAuthenticator
Authenticator for the “PLAIN
” SASL mechanism, specified in RFC-4616. See Net::IMAP#authenticate
.
PLAIN
authentication sends the password in cleartext. RFC-3501 encourages servers to disable cleartext authentication until after TLS has been negotiated. RFC-8314 recommends TLS version 1.2 or greater be used for all traffic, and deprecate cleartext access ASAP. PLAIN
can be secured by TLS encryption.
Attributes
Authorization identity: an identity to act as or on behalf of. The identity form is application protocol specific. If not provided or left blank, the server derives an authorization identity from the authentication identity. The server is responsible for verifying the client’s credentials and verifying that the identity it associates with the client’s authentication identity is allowed to act as (or on behalf of) the authorization identity.
For example, an administrator or superuser might take on another role:
imap.authenticate "PLAIN", "root", passwd, authzid: "user"
A password or passphrase that matches the username
.
A password or passphrase that matches the username
.
Public Class Methods
Creates an Authenticator for the “PLAIN
” SASL mechanism.
Called by Net::IMAP#authenticate
and similar methods on other clients.
Parameters¶ ↑
-
authcid
― Authentication identity that is associated withpassword
. -
password
― A password or passphrase associated with theauthcid
. -
optional
authzid
― Authorization identity to act as or on behalf of.When
authzid
is not set, the server should derive the authorization identity from the authentication identity.
Any other keyword parameters are quietly ignored.
# File lib/net/imap/sasl/plain_authenticator.rb, line 67 def initialize(user = nil, pass = nil, authcid: nil, secret: nil, username: nil, password: nil, authzid: nil, **) username ||= authcid || user or raise ArgumentError, "missing username (authcid)" password ||= secret || pass or raise ArgumentError, "missing password" raise ArgumentError, "username contains NULL" if username.include?(NULL) raise ArgumentError, "password contains NULL" if password.include?(NULL) raise ArgumentError, "authzid contains NULL" if authzid&.include?(NULL) @username = username @password = password @authzid = authzid @done = false end
Public Instance Methods
Returns true when the initial client response was sent.
The authentication should not succeed unless this returns true, but it does not indicate success.
# File lib/net/imap/sasl/plain_authenticator.rb, line 99 def done?; @done end
PLAIN
can send an initial client response.
# File lib/net/imap/sasl/plain_authenticator.rb, line 86 def initial_response?; true end
Responds with the client’s credentials.
# File lib/net/imap/sasl/plain_authenticator.rb, line 89 def process(data) return "#@authzid\0#@username\0#@password" ensure @done = true end