On Apr 29, 2010, at 4:17 PM, Joe Hildebrand wrote: > I've not seen Adium try a second method without waiting for a result, but I > have seen it try another mechanism when the first one fails. > > This is almost always wrong, since if one mechanism fails, another one is > unlikely to work. As well, this leads to some servers disconnecting you > when you enter the wrong password. What the user sees is "Socket Error", > not "Bad Password", which is almost impossible for them to diagnose.
Trying all available mechanisms is the correct behavior, as far as I am aware. See http://trac.adium.im/ticket/8108 for a realworld use-case of this, in which GSSAPI is tried, and, if it fails, the desired behavior is to attempt CRAM-MD5 or DIGEST-MD5 password-based authentication. Peter, could you please weigh in on the correct SASL authentication behavior when multiple co-compatible mechanisms are available and the first one attempted fails? -Evan
