mod_saslauth: Disable DIGEST-MD5 by default (closes #515)

diff --git a/plugins/mod_saslauth.lua b/plugins/mod_saslauth.lua
index 7e9b0720a9e7daa5c3c43bb3ba44d4e51620c476..bb36600b2e066641e59fc975c4a01281b90f23dd 100644 (file)
--- a/plugins/mod_saslauth.lua
+++ b/plugins/mod_saslauth.lua
@@ -19,7 +19,7 @@ local tostring = tostring;
 local secure_auth_only = module:get_option_boolean("c2s_require_encryption", module:get_option_boolean("require_encryption", false));
 local allow_unencrypted_plain_auth = module:get_option_boolean("allow_unencrypted_plain_auth", false)
 local insecure_mechanisms = module:get_option_set("insecure_sasl_mechanisms", allow_unencrypted_plain_auth and {} or {"PLAIN", "LOGIN"});
-local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", {});
+local disabled_mechanisms = module:get_option_set("disable_sasl_mechanisms", { "DIGEST-MD5" });
 
 local log = module._log;