However it does lack any way to support indicating to the server which credential will be used, other than perhaps by implication from the SASL mechanism.That's not the purview of a SASL profile. If a SASL mechanism supports multiple credentials, that's entirely encapsulated within that mechanism.
Except that it is not. For example all of the SCRAM-SASL-* profiles can easily support authentication with any of the passwords on an account, but they need to know in advance which one is being used. So SASL mechanism is insufficient for selecting credential by itself.
The same goes for the HT-* token mechanisms.
signature.asc
Description: PGP signature
_______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
