On Tue, 2008-03-25 at 15:16 -0600, Peter Saint-Andre wrote:
> Evan Schoenberg of the Adium project pinged offlist regarding the proper
> behavior for a client to follow if SASL authentication fails using one
> mechanism but other mechanisms are available.
> [..]

If one mechanism fails with <not-authorized/>, why would another one succeed, exactly? I would say that a client should choose one mechanism that is offered by the server (maybe the 'strongest', whatever that is) and stick to it.

Note that for other failures, like <mechanism-too-weak/>, changing mechanisms might be useful.

-- 
Greetings,

ralphm