[ejabberd] Re: Can't mix XMPP and non-SASL auth

Leif Johansson leifj at it.su.se
Thu Nov 11 19:21:46 MSK 2004


Andreas van Cranenburgh wrote:
> On Thu, Nov 11, 2004 at 04:57:50PM +0100, Magnus Henoch wrote:
> 
>>Peter Saint-Andre <stpeter at jabber.org> writes:
>>
>>
>>>And a client that doesn't do SASL should not say that it supports XMPP 
>>>1.0, either.
>>
>>Hm, I guess that's right.  But, if SASL is required for XMPP
>>compliance, and XMPP is required for advertising stream features,
>>what's the point of having a stream feature for non-SASL
>>authentication?
> 
> 
> Because perhaps forcing SASL on people is not such nice thing to do
> 
> I for one don't really like it, within an SSL connection it doesn't have
> security benefits and the S for Simple in SASL is such a frustrating lie!
> I've spent hours on debugging it so that it would work on my mailserver
> (works now, with a few kludges).
> 

The secret answer is that SASL is only worth the effort if you
are using GSSAPI which often implies a Kerberos or Globus/GRID
infrastructure.

	MVH leifj


More information about the ejabberd mailing list