On 4/29/10 3:28 PM, "Evan Schoenberg, M.D." <eva...@dreskin.net> wrote:
> Trying all available mechanisms is the correct behavior, as far as I am aware. > See http://trac.adium.im/ticket/8108 for a realworld use-case of this, in > which GSSAPI is tried, and, if it fails, the desired behavior is to attempt > CRAM-MD5 or DIGEST-MD5 password-based authentication. The bug is less of an issue than it used to be, since XEP-78 old-style authentication has been deprecated. Servers tend to implement SASL PLAIN instead. > Peter, could you please weigh in on the correct SASL authentication behavior > when multiple co-compatible mechanisms are available and the first one > attempted fails? I'm interested in Peter's input, too. -- Joe Hildebrand