Comment explaining the nodict flag.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1043073 13f79535-47bb-0310-9956-ffa450edef68
author: Michael Goulish <mgoulish@apache.org> 2010-12-07 14:56:22 +0000
committer: Michael Goulish <mgoulish@apache.org> 2010-12-07 14:56:22 +0000
commit: 88a8958a5201c7dd6864561bfa501fccaab89860 (patch)
tree: 5e14c28ee1f5c3efd38934555a6008802f767651 /qpid/cpp/src
parent: 73140680684872939df955e36f3f2ec2b134dd7e (diff)
download: qpid-python-88a8958a5201c7dd6864561bfa501fccaab89860.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
index 6e78446334..acdb4934d4 100644
--- a/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
+++ b/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
@@ -294,6 +294,14 @@ void CyrusAuthenticator::init()
     secprops.property_names = 0;
     secprops.property_values = 0;
     secprops.security_flags = 0; /* or SASL_SEC_NOANONYMOUS etc as appropriate */
+    /*
+     * The nodict flag restricts SASL authentication mechanisms 
+     * to those that are not susceptible to dictionary attacks.  
+     * They are:  
+     *   SRP
+     *   PASSDSS-3DES-1
+     *   EXTERNAL
+     */
     if (external.nodict) secprops.security_flags |= SASL_SEC_NODICTIONARY;    
     int result = sasl_setprop(sasl_conn, SASL_SEC_PROPS, &secprops);
     if (result != SASL_OK) {
author	Michael Goulish <mgoulish@apache.org>	2010-12-07 14:56:22 +0000
committer	Michael Goulish <mgoulish@apache.org>	2010-12-07 14:56:22 +0000
commit	88a8958a5201c7dd6864561bfa501fccaab89860 (patch)
tree	5e14c28ee1f5c3efd38934555a6008802f767651 /qpid/cpp/src
parent	73140680684872939df955e36f3f2ec2b134dd7e (diff)
download	qpid-python-88a8958a5201c7dd6864561bfa501fccaab89860.tar.gz