Add a flag to SASL channels indicating whether the password can be saved

Sometimes a password should not be stored in the system keyring, so we need a
flag on the SASL authentication channels to indicate when a client may save the
password and when it may not.

1 files changed, 16 insertions, 0 deletions

diff --git a/spec/Channel_Interface_SASL_Authentication.xml b/spec/Channel_Interface_SASL_Authentication.xml
index 38568b1d..d74b36b5 100644
--- a/spec/Channel_Interface_SASL_Authentication.xml
+++ b/spec/Channel_Interface_SASL_Authentication.xml
@@ -367,6 +367,22 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.</
       </tp:docstring>
     </property>
 
+    <property name="MaySaveResponse" tp:name-for-bindings="May_Save_Response"
+      type="b" access="read" tp:immutable="yes">
+      <tp:docstring xmlns="http://www.w3.org/1999/xhtml">
+        <p>Whether or not the client can save the authentication response and
+          re-use it to automate future authentication challenges.</p>
+
+        <p>If this property is false, the client should not attempt to cache the
+          authentication response in its own keyring.</p>
+
+        <p>If this property is not specified, it should be treated as if it were
+          true.</p>
+
+      </tp:docstring>
+    </property>
+
+
     <method name="StartMechanism" tp:name-for-bindings="Start_Mechanism">
       <arg direction="in" name="Mechanism" type="s" tp:type="SASL_Mechanism">
         <tp:docstring>