authmeth: user-specified SASL mechanisms



authmeth-09 says:

> 3.3.5. Rules for using SASL security layers

>    Because SASL mechanisms provide critical security functions, clients
>    and servers should allow the user to specify what mechanisms are
>    acceptable and allow only those mechanisms to be used.

By itself, I think this is bad advice, because most users know very
little about security.  I suppose many clients will have to ask
their users, but preferably they should also explain the
implications of what they allow the user to select.

-- 
Hallvard