RFC 2384 (rfc2384) - Page 2 of 8


POP URL Scheme



Alternative Format: Original Text Document



RFC 2384                     POP URL Scheme                  August 1998


3.  POP Scheme

   The POP URL scheme designates a POP server, and optionally a port
   number, authentication mechanism, authentication ID, and/or
   authorization ID.

   The POP URL follows the common Internet scheme syntax as defined in
   RFC 1738 [BASIC-URL] except that clear text passwords are not
   permitted.  If : is omitted, the port defaults to 110.

   The POP URL is described using [ABNF] in Section 8.

   A POP URL is of the general form:

        pop://;auth=@:

   Where , , and  are as defined in RFC 1738, and some
   or all of the elements, except "pop://" and , may be omitted.

4.  POP User Name and Authentication Mechanism

   An authorization (which mailbox to access) and authentication (whose
   password to check against) identity (referred to as "user name" for
   simplicity) and/or authentication mechanism name may be supplied.
   These are used in a "USER", "APOP", "AUTH" [POP-AUTH], or extension
   command after making the connection to the POP server.  If the URL
   doesn't supply an authentication identifier, the program interpreting
   the POP URL SHOULD request one from the user.

   An authentication mechanism can be expressed by adding ";AUTH=" to the end of the user name.  If the authentication
   mechanism name is not preceded by a "+", it is a SASL POP [SASL]
   mechanism.  If it is preceded by a "+", it is either "APOP" or an
   extension mechanism.

   When an  is specified, the client SHOULD request
   appropriate credentials from that mechanism and use the "AUTH",
   "APOP", or extension command instead of the "USER" command.  If no
   user name is specified, one SHOULD be obtained from the mechanism or
   requested from the user as appropriate.

   The string ";AUTH=*" indicates that the client SHOULD select an
   appropriate authentication mechanism.  It MAY use any mechanism
   supported by the POP server.

   If an  other than ";AUTH=*" is specified, the client
   SHOULD NOT use a different mechanism without explicit user
   permission.



Gellens                     Standards Track