cURL / Mailing Lists / curl-library / Single Mail


RE: [bagder/curl] 0d24f6: sasl: implement EXTERNAL authentication mechanism.

From: Steve Holme <>
Date: Wed, 28 Jan 2015 20:29:27 +0000

On Tue, 27 Jan 2015, GitHub wrote:

> sasl: implement EXTERNAL authentication mechanism.

Many thanks for adding this and for knocking another TODO off the list ;-)

I have often thought about adding this myself as I believed it was relatively easy to do, due to the authentication identifier being in the same format as the username in LOGIN, however I had always had the following concerns:

* Do we need to limit this to TLS upgraded sessions - the examples in the RFC seem to use this as the EXTERNAL authentication mechanism?
* Are there other EXTERNAL mechanisms that can be used rather than client certificates?
* Should we implement support for an empty authentication identifier (via an empty username) as I believe is allowed in the RFC or do your modifications already cater for this?

Kind Regards


List admin:

Received on 2015-01-28