[Date Prev][Date Next]
authmeth: user-specified SASL mechanisms
> 3.3.5. Rules for using SASL security layers
> Because SASL mechanisms provide critical security functions, clients
> and servers should allow the user to specify what mechanisms are
> acceptable and allow only those mechanisms to be used.
By itself, I think this is bad advice, because most users know very
little about security. I suppose many clients will have to ask
their users, but preferably they should also explain the
implications of what they allow the user to select.