Comment explaining the nodict flag.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1043073 13f79535-47bb-0310-9956-ffa450edef68
author: Michael Goulish <mgoulish@apache.org> 2010-12-07 14:56:22 +0000
committer: Michael Goulish <mgoulish@apache.org> 2010-12-07 14:56:22 +0000
commit: 253675bba366c03a4fc2739a6567b54376767285 (patch)
tree: 093adbc122b53ed185389d0995f3ee9d5469876b /cpp/src/qpid
parent: 06979be872dab1a454155c09e26e6d3d4e050225 (diff)
download: qpid-python-253675bba366c03a4fc2739a6567b54376767285.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/cpp/src/qpid/broker/SaslAuthenticator.cpp b/cpp/src/qpid/broker/SaslAuthenticator.cpp
index 6e78446334..acdb4934d4 100644
--- a/cpp/src/qpid/broker/SaslAuthenticator.cpp
+++ b/cpp/src/qpid/broker/SaslAuthenticator.cpp
@@ -294,6 +294,14 @@ void CyrusAuthenticator::init()
     secprops.property_names = 0;
     secprops.property_values = 0;
     secprops.security_flags = 0; /* or SASL_SEC_NOANONYMOUS etc as appropriate */
+    /*
+     * The nodict flag restricts SASL authentication mechanisms 
+     * to those that are not susceptible to dictionary attacks.  
+     * They are:  
+     *   SRP
+     *   PASSDSS-3DES-1
+     *   EXTERNAL
+     */
     if (external.nodict) secprops.security_flags |= SASL_SEC_NODICTIONARY;    
     int result = sasl_setprop(sasl_conn, SASL_SEC_PROPS, &secprops);
     if (result != SASL_OK) {
author	Michael Goulish <mgoulish@apache.org>	2010-12-07 14:56:22 +0000
committer	Michael Goulish <mgoulish@apache.org>	2010-12-07 14:56:22 +0000
commit	253675bba366c03a4fc2739a6567b54376767285 (patch)
tree	093adbc122b53ed185389d0995f3ee9d5469876b /cpp/src/qpid
parent	06979be872dab1a454155c09e26e6d3d4e050225 (diff)
download	qpid-python-253675bba366c03a4fc2739a6567b54376767285.tar.gz