Quoting tao.6.y...@nokia.com:
Hi Michael, My question is, how to know the exact CAPABILITY after a user logged in, he'd have been able to know the CAPABILITY he really has. Simply, what should be followed as the CAPABILITY after a user logged in?
Whatever is returned by the CAPABILITY command. I guess I am not understanding your question.
When in an unauthenticated state, the server doesn't need to broadcast the capabilities of commands/features that the client *can't* use yet. i.e. knowing the server supports UIDPLUS at the authentication stage is pointless. Same thing after authenticating - the client could care less what authentication options are available after being logged in.
RFC 3501 states that the list of capabilities can change after the STARTTLS or AUTHENTICATE/LOGIN commands are successful. Thus, the only way to ensure that you have the correct list of capabilities is to re-issue the command after each of these events, although recent IMAP servers (i.e. Dovecot 1.2) will automatically list capabilities in the response codes after these events so that the client doesn't need to send an explicit CAPABILITY command. I believe this behavior is suggested in the Lemonade profile.
michael
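
An added example, not part of the message above: a minimal client-side tracker that drops its cached capability list after STARTTLS, LOGIN or AUTHENTICATE and accepts either an untagged CAPABILITY response or a `[CAPABILITY ...]` response code. The class name, method names and sample server lines are constructed for illustration.

```python
import re

# Constructed sample server lines; not captured from a real server.
GREETING = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"
STARTTLS_OK = "a1 OK Begin TLS negotiation now"
UNTAGGED = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
LOGIN_OK_WITH_CODE = "a3 OK [CAPABILITY IMAP4rev1 UIDPLUS IDLE] Logged in"
LOGIN_OK_PLAIN = "a3 OK LOGIN completed"

# [CAPABILITY ...] response code in an OK line (greeting or tagged OK).
_CODE = re.compile(r"^\S+ OK \[CAPABILITY ([^\]]*)\]", re.IGNORECASE)
# Untagged CAPABILITY response sent in reply to the CAPABILITY command.
_DATA = re.compile(r"^\* CAPABILITY (.+)$", re.IGNORECASE)


class CapabilityTracker:
    """Hypothetical helper: holds the list valid for the current state only."""

    def __init__(self):
        self.caps = None  # None = unknown; send CAPABILITY before relying on it

    def feed(self, line):
        """Update from an untagged CAPABILITY response or a response code."""
        m = _DATA.match(line) or _CODE.match(line)
        if m:
            self.caps = frozenset(a.upper() for a in m.group(1).split())
        return self.caps

    def state_changed(self, tagged_ok, trust_code=True):
        """Call after a successful STARTTLS, LOGIN or AUTHENTICATE.

        Discards the old list first and returns True when the client still
        has to send an explicit CAPABILITY command. Pass trust_code=False
        for STARTTLS, whose OK line arrives before the TLS layer is active.
        """
        self.caps = None
        if trust_code:
            self.feed(tagged_ok)
        return self.caps is None

    def has(self, atom):
        if self.caps is None:
            raise LookupError("capabilities unknown; send CAPABILITY first")
        return atom.upper() in self.caps
```

Refusing to answer `has()` while the list is unknown keeps a pre-TLS or pre-login value (such as LOGINDISABLED or an AUTH= mechanism) from being used for a decision in a later state.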