SASL testing
Russ Allbery
rra at stanford.edu
Tue Sep 23 17:21:32 UTC 2008
Julien ÉLIE <julien at trigofacile.com> writes:
> The problem is that I cannot remove LOGIN.
> I wandered a bit in SASL implementations and saw:
>
> /* NOPLAINTEXT -- don't permit mechanisms susceptible to simple
> * passive attack (e.g., PLAIN, LOGIN)
>
> I suppose we will have to keep LOGIN...
It's fine to support LOGIN where we support PLAIN. I suspect that the
underlying library just supports it for legacy reasons.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list