Milan Oberkirch added the comment:

My interpretation of this paragraph is the following (English is not my native
language so please correct me if I'm wrong):
The requirement is to provide a configuration where plain auth is disabled if
password snooping would be possible otherwise, not to forbid such configurations
generally. An admin SHOULD provide security measures to prevent password
snooping.

Setting enable_AUTH=False is a configuration where plain authentication is not 
permitted. The admin should provide a STARTTLS (or any other encrypted) tunnel 
if enabling AUTH (stunnel would be a common solution on Linux).

Maybe we should explicitly mention that in the docs?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue21935>
_______________________________________