[ejabberd] Re: Can't mix XMPP and non-SASL auth

Leif Johansson leifj at it.su.se
Thu Nov 11 20:16:41 MSK 2004


Andreas van Cranenburgh wrote:
> On Thu, Nov 11, 2004 at 05:21:46PM +0100, Leif Johansson wrote:
> 
>>The secret answer is that SASL is only worth the effort if you
>>are using GSSAPI which often implies a Kerberos or Globus/GRID
>>infrastructure.
> 
> 
> Which is certainly not worth all the trouble and resources for XMPP. If
> people want security they should take matters in their own hands and use
> GPG anyway.

Show me the IT shop that only runs xmpp! Of course it is worth the
"trouble".

> People devise very clever/complex authentication protocols, in the end
> Joe User will still have a worthlessly easy password and the administrator /
> managers will have some more false sense of security.
> 

Can you spell AD? Most real users (as opposed to techies) in the
"enterprise" run Windows. Windows uses Kerberos. And yes, it
interoperates well.

	MVH leifj


More information about the ejabberd mailing list