AUTHINFO SASL command length

Julien ÉLIE julien at trigofacile.com
Sun Sep 21 11:25:15 UTC 2008


Hi,

In RFC 4634:

   Syntax
      AUTHINFO SASL mechanism [initial-response]

   This command MAY exceed 512 octets.  The maximum length of this
   command is increased to that which can accommodate the largest
   encoded initial response possible for any of the SASL mechanisms
   supported by the implementation.


How can I find out the largest encoded initial response possible?
I assume it depends on SASL libraries.


I saw that for the current "POP3 SASL Authentication Mechanism" draft,
they say:

          For the purposes of the initial client response, the 255-octet
          limit on the length of a single command, defined in section 4
          of [RFC2449], still applies.  If specifying an initial
          response would cause the AUTH command to exceed this length,
          the client MUST NOT use the initial-response parameter (and
          must proceed instead by sending its initial response after an
          empty challenge from the server, as in section 3 of
          [RFC4422]).

:)

But well, for us, how do we know the length to use for initial responses?

I found Ken Murchison's note about that:
    http://lists.eyrie.org/pipermail/ietf-nntp/2002-October/002738.html

"No existing SASL mechanism that I'm aware of has a first client response
anywhere near that limit [of 512 chars less AUTHINFO SASL mechanism]."

Is it sure?
Or do we have, all the same, to implement an exception for AUTHINFO SASL
lines?

-- 
Julien ÉLIE

« Inter procula sileent negotia. »
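
The length question above, worked through as an added example (not part of the original message and not INN's code): it builds the base64-encoded `AUTHINFO SASL` line, computes the largest raw initial response that still fits in a normal 512-octet command line, and shows the fallback of sending the response after an empty challenge. Assumptions: the function names are hypothetical, the credentials are constructed, and applying the POP3 draft's fallback to NNTP is an illustrative client-side choice, not a requirement.

```python
import base64
from typing import Optional, Tuple

NNTP_LINE_LIMIT = 512  # octets, CRLF included: the generic NNTP command-line limit


def authinfo_sasl_line(mechanism: str, initial_response: Optional[bytes] = None) -> bytes:
    """Wire form of 'AUTHINFO SASL mechanism [initial-response]', CRLF included."""
    line = b"AUTHINFO SASL " + mechanism.encode("ascii")
    if initial_response is not None:
        # The response travels base64-encoded; a zero-length one is sent as "=".
        line += b" " + (base64.b64encode(initial_response) or b"=")
    return line + b"\r\n"


def max_raw_initial_response(mechanism: str, limit: int = NNTP_LINE_LIMIT) -> int:
    """Largest unencoded initial response that still fits in `limit` octets."""
    room = limit - len(authinfo_sasl_line(mechanism)) - 1  # 1 = separating space
    return max(room, 0) // 4 * 3  # base64 emits 4 octets per 3 input octets


def plan_exchange(mechanism: str, initial_response: bytes,
                  limit: int = NNTP_LINE_LIMIT) -> Tuple[bytes, Optional[bytes]]:
    """Return (command, deferred_response).

    If the full command fits in `limit`, deferred_response is None. Otherwise
    the command is sent without an initial response and the encoded response
    is held back until the server issues its empty challenge.
    """
    line = authinfo_sasl_line(mechanism, initial_response)
    if len(line) <= limit:
        return line, None
    return authinfo_sasl_line(mechanism), base64.b64encode(initial_response) + b"\r\n"


if __name__ == "__main__":
    # Constructed sample: a PLAIN message (authzid NUL authcid NUL passwd).
    plain = b"\0" + b"user" + b"\0" + b"secret"
    cmd, deferred = plan_exchange("PLAIN", plain)
    print(len(cmd), "octets on the wire; deferred response:", deferred)
    print("PLAIN raw budget within 512 octets:", max_raw_initial_response("PLAIN"))
    # An oversized response (constructed) forces the empty-challenge path.
    cmd, deferred = plan_exchange("PLAIN", b"\0user\0" + b"p" * 400)
    print(cmd, "then", len(deferred), "octets after the challenge")
```

A server that accepts longer lines can use the same arithmetic in reverse: its `AUTHINFO SASL` buffer needs the mechanism name, the fixed overhead, and four octets for every three in the largest initial response any supported mechanism can produce.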


