I meant to also add that I think it is generally considered bad form to silently fall back to a weaker security mechanism when a stronger on fails. I want to be able to configure my mail client to use GSSAPI, and if it fails, I want to be told that it failed, not fall back and perhaps successfully authenticate using CRAM-MD5, leaving me without a clue that my chosen auth method is not working.
As a side note, should we be opening new bugs in bugzilla for this, or maybe reopen bug 303160? Or is hashing it out here completely sufficient for now? -- ________ Jim Alexander __________________ [EMAIL PROTECTED] ________________ I have yet to see a problem, however complicated, which, when you looked at it in the right way, did not become still more complicated. -- Poul Anderson ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos