[Standards-JIG] Re: Call for Experience: JEP-0078 (Non-SASLAuthentication)
stpeter at jabber.org
Wed Sep 29 14:56:58 UTC 2004
<8CDC3525190B624F8F740435C7B9A01D0C1100 at heineken.winfessor.com>,
"JD Conley" <jconley at winfessor.com> wrote:
> > You presume that ALL users can authenticate using the same method.
> > This is not always the case. A server implementation may not allow
> > admins to ever authenticate via plaintext for example. We need to keep
> > the username element for these scenarios.
> But we can't do this in SASL. If this is a valid case then we have to
> keep this JEP around forever.
This JEP is not going to be maintained forever -- Section 7 states that
it will expire 6 months from the date it goes Final unless the Council
decides to extend it. The desire is to deprecate this JEP as soon as
most implementations have implemented SASL.
And if I understand the use case Peter brought up, we can do this with
SASL, since SASL auth lets the server offer or accept different methods
from different users.
More information about the Standards