[ejabberd] Re: Can't mix XMPP and non-SASL auth

Andreas van Cranenburgh andreas at unstable.nl
Thu Nov 11 19:55:09 MSK 2004


On Thu, Nov 11, 2004 at 05:21:46PM +0100, Leif Johansson wrote:
> The secret answer is that SASL is only worth the effort if you
> are using GSSAPI which often implies a Kerberos or Globus/GRID
> infrastructure.

Which is certainly not worth all the trouble and resources for XMPP. If
people want security they should take matters in their own hands and use
GPG anyway.

People devise very clever/complex authentication protocols, in the end
Joe User will still have a worthlessly easy password and the administrator /
managers will have some more false sense of security.

	Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.jabber.ru/pipermail/ejabberd/attachments/20041111/5d723a75/attachment.bin


More information about the ejabberd mailing list