[ https://issues.apache.org/jira/browse/PROTON-950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14652448#comment-14652448 ]
Andrew Stitcher commented on PROTON-950: ---------------------------------------- To be clear: * The client mechanisms available without Cyrus are ANONYMOUS, PLAIN and EXTERNAL * The server mechanisms are ANONYMOUS and EXTERNAL (no PLAIN because we have no way to request authentication of a user/password pair) * The default PLAIN behaviour is the same bith with and without Cyrus viz: - It is intuitive that the behaviour doesn't vary depending on the library build, but - By default without SSL you cannot authenticate a user without Cyrus. > SASL PLAIN over cleartext should be supported > --------------------------------------------- > > Key: PROTON-950 > URL: https://issues.apache.org/jira/browse/PROTON-950 > Project: Qpid Proton > Issue Type: Bug > Components: proton-c > Affects Versions: 0.10 > Reporter: Ted Ross > Assignee: Andrew Stitcher > Priority: Blocker > Fix For: 0.10 > > > In the current 0.10 alpha, if SASL PLAIN is selected, it will only work if > the connection is encrypted (using SSL). This is a surprising change of > behavior from earlier versions of Proton and it's arguable that a security > policy like that should be left to the application using the Proton library. -- This message was sent by Atlassian JIRA (v6.3.4#6332)