[Standards] rfc3920bis: SASL "fallback" on auth failure

Peter Saint-Andre stpeter at stpeter.im
Fri May 30 21:57:55 UTC 2008

On 03/26/2008 4:48 AM, Maciek Niedzielski wrote:
> Alexey Melnikov pisze:
>> Ralph Meijer wrote:
>>> On Tue, 2008-03-25 at 15:16 -0600, Peter Saint-Andre wrote:
>>>> Evan Schoenberg of the Adium project pinged offlist regarding the
>>>> proper
>>>> behavior for a client to follow if SASL authentication fails using one
>>>> mechanism but other mechanisms are available.
>>>> [..]
>>> If one mechanism fails with <not-authorized/>, why would another one
>>> succeed, exactly?
>> Because different mechanisms might be using different authentication
>> databases. For example DIGEST-MD5 and GSSAPI.
> Is it usually possible for the server to know that failure was caused by
> using wrong method? If yes, maybe it would be worth adding a different
> error for this case?

As far as I can see there is not separate error for this case, but I may
be missing something. Perhaps Alexey Melnikov can shed some light on
this for us. :)


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20080530/fb18fc1a/attachment.bin>

More information about the Standards mailing list