[Fwd: Re: XMPP auth: Proper action if a GSSAPI authentication request fails and more mechs are available]]

[Simon Wilkinson]

On 28 Mar 2008, at 01:00, Evan Schoenberg wrote:

> Summary of below conversation:
>
> SASL authentication for XMPP should (in the sense of SHOULD)  
> respond to a not-authorized message by trying the next mechanism  
> down the line rather than bailing out with an incorrect password  
> message.
>

I thought that the SASL code I'd written for pidgin had this feature  
- it's certainly what I try to do with all of the SASL  
implementations I write.

Simon.