[Date Prev][Date Next] [Chronological] [Thread] [Top]

authmeth: user-specified SASL mechanisms

To: ietf-ldapbis@OpenLDAP.org
Subject: authmeth: user-specified SASL mechanisms
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Sat, 3 Jan 2004 15:32:42 +0100

authmeth-09 says:

> 3.3.5. Rules for using SASL security layers

>    Because SASL mechanisms provide critical security functions, clients
>    and servers should allow the user to specify what mechanisms are
>    acceptable and allow only those mechanisms to be used.

By itself, I think this is bad advice, because most users know very
little about security.  I suppose many clients will have to ask
their users, but preferably they should also explain the
implications of what they allow the user to select.

-- 
Hallvard

Follow-Ups:
- Re: authmeth: user-specified SASL mechanisms
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: authmeth: unsupported <TLS+anonymous bind>
Next by Date: authmeth: missing protection
Index(es):
- Chronological
- Thread