Milan Oberkirch added the comment: My interpretation of this paragraph is the following (English is not my native language so please correct me if I'm wrong): The requirement is to provide a configuration where plain auth is disabled if password snooping would be possible otherwise not to forbid such configurations generally. An admin SHOULD provide security measures to prevent password snooping.
Setting enable_AUTH=False is a configuration where plain authentication is not permitted. The admin should provide a STARTTLS (or any other encrypted) tunnel if enabling AUTH (stunnel would be a common solution on Linux). Maybe we should explicitly mention that in the docs? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue21935> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
