> > Would you accept a patch for that, or do you think above code is all we need? > > We shouldn't ask username for the current auth methods. Why? Using SASL without username is a bit limited - or do I miss something? And you can still use tickets if you check for strlen(username) == 0 ?