SASL testing

Russ Allbery rra at
Tue Sep 23 17:21:32 UTC 2008

Julien ÉLIE <julien at> writes:

> The problem is that I cannot remove LOGIN.
> I wandered a bit in SASL implementations and saw:
> /* NOPLAINTEXT          -- don't permit mechanisms susceptible to simple
> *                         passive attack (e.g., PLAIN, LOGIN)
> I suppose we will have to keep LOGIN...

It's fine to support LOGIN where we support PLAIN.  I suspect that the
underlying library just supports it for legacy reasons.

Russ Allbery (rra at             <>

    Please send questions to the list rather than mailing me directly.
     <> explains why.

More information about the inn-workers mailing list