AUTHINFO SASL command length
Julien ÉLIE
julien at trigofacile.com
Sun Sep 21 11:25:15 UTC 2008
Hi,
In RFC 4634:
    Syntax
      AUTHINFO SASL mechanism [initial-response]

    This command MAY exceed 512 octets.  The maximum length of this
    command is increased to that which can accommodate the largest
    encoded initial response possible for any of the SASL mechanisms
    supported by the implementation.
How can I find out the largest encoded initial response possible?
I assume it depends on SASL libraries.
I saw that for the current "POP3 SASL Authentication Mechanism" draft,
they say:
    For the purposes of the initial client response, the 255-octet
    limit on the length of a single command, defined in section 4
    of [RFC2449], still applies.  If specifying an initial
    response would cause the AUTH command to exceed this length,
    the client MUST NOT use the initial-response parameter (and
    must proceed instead by sending its initial response after an
    empty challenge from the server, as in section 3 of
    [RFC4422]).
:)
But well, for us, how do we know the length to use for initial responses?
I found Ken Murchison's note about that:
http://lists.eyrie.org/pipermail/ietf-nntp/2002-October/002738.html
"No existing SASL mechanism that I'm aware of has a first client response
anywhere near that limit [of 512 chars less AUTHINFO SASL mechanism]."
Is it sure?
Or do we have, all the same, to implement an exception for AUTHINFO SASL
lines?
--
Julien ÉLIE
« Inter procula sileent negotia. »
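
The length question in the message above, worked through as an added example (not part of the original post and not INN code): it computes the worst-case AUTHINFO SASL line length from a mechanism's maximum raw initial response, and applies the fallback from the quoted POP3 draft to a 512-octet limit. All function names are hypothetical, the field sizes are constructed sample values, and using the POP3 fallback for NNTP is an assumption.

```python
import base64

CRLF = b"\r\n"

def authinfo_sasl_line(mechanism, initial_response=None):
    """Build the command line. None means no initial-response argument;
    a zero-length response is sent as a single "="."""
    parts = [b"AUTHINFO", b"SASL", mechanism.encode("ascii")]
    if initial_response is not None:
        parts.append(base64.b64encode(initial_response) or b"=")
    return b" ".join(parts) + CRLF

def max_line_octets(mechanism, max_raw_response):
    """Worst-case line length when the raw initial response is at most
    max_raw_response octets (base64 emits 4 characters per 3 octets)."""
    encoded = 4 * ((max_raw_response + 2) // 3) or 1  # 1 for the lone "="
    return len(b"AUTHINFO SASL ") + len(mechanism) + 1 + encoded + len(CRLF)

def plain_response(authzid, authcid, passwd):
    """PLAIN initial response: authzid NUL authcid NUL passwd, in UTF-8."""
    return "\0".join((authzid, authcid, passwd)).encode("utf-8")

def client_command(mechanism, initial_response, limit=512):
    """Fallback described in the quoted POP3 draft, applied here to a
    512-octet limit (assumption): if the line would be too long, omit the
    initial response and send it after the server's empty challenge."""
    line = authinfo_sasl_line(mechanism, initial_response)
    if len(line) > limit:
        return authinfo_sasl_line(mechanism), False
    return line, True

if __name__ == "__main__":
    # Constructed sample credentials.
    short = plain_response("", "user", "pass")
    long_ = plain_response("a" * 255, "b" * 255, "c" * 255)
    for label, resp in (("short", short), ("long", long_)):
        line, used = client_command("PLAIN", resp)
        print(label, len(resp), "raw octets ->",
              max_line_octets("PLAIN", len(resp)), "octet line;",
              "initial response sent" if used else "deferred to challenge")
```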
More information about the inn-workers
mailing list