SASL testing

Russ Allbery rra at stanford.edu
Tue Sep 23 17:21:32 UTC 2008


Julien ÉLIE <julien at trigofacile.com> writes:

> The problem is that I cannot remove LOGIN.
> I wandered a bit in SASL implementations and saw:
>
> /* NOPLAINTEXT          -- don't permit mechanisms susceptible to simple
> *                         passive attack (e.g., PLAIN, LOGIN)
>
> I suppose we will have to keep LOGIN...

It's fine to support LOGIN where we support PLAIN.  I suspect that the
underlying library just supports it for legacy reasons.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list