[jdev] sasl error on multiple <auth/>?

Alexander Holler holler at ahsoftware.de
Thu Aug 25 14:57:48 UTC 2011


Hello,

I have a similar question to the one before. ;)

What should a server do when it receives an <auth/> after a successful 
negotiation?

RFC 6120 6.4.2 only defines what happens when the authentication isn't 
completed but not what happens when the authentication was completed.

Maybe a <failure/> with <malformed-request/>. Or should the server 
proceed and throw away the authentication done before?

It's easy to fool clients into doing that, just announce <mechanisms/> 
in <features/> when the stream got restarted after successful 
authentication. That itself isn't the correct thing to do, but happens. ;)

Regards,

Alexander

