Next: The PLAIN mechanism, Previous: The EXTERNAL mechanism, Up: Mechanisms [Contents][Index]
The ANONYMOUS mechanism is used to “authenticate” clients to anonymous services; or rather, just indicate that the client wishes to use the service anonymously. The client sends a token, usually her email address, which serve the purpose of some trace information suitable for logging. The token cannot be empty.
In the client, this mechanism is always enabled, and will send the
GSASL_ANONYMOUS_TOKEN property as the trace information to the
server.
In the server, this mechanism will invoke the
GSASL_VALIDATE_ANONYMOUS callback to decide whether the client
should be permitted to log in. Your callback can retrieve the
GSASL_ANONYMOUS_TOKEN property to, for example, record it in a
log file. The token is normally not used to decide whether the client
should be permitted to log in or not.
The ANONYMOUS mechanism was initially specified in RFC 2245 and later revised in RFC 4505.