Good error reporting can help in tracking down authentication problems and in other debugging. Developers of plug-ins are encouraged to use the sasl_seterror() callback in the sasl_utils_t structure to supply detailed error information for a given connection.
The general rule for allocating memory in SASL is to free any memory that you have allocated when that memory is no longer needed. Following this rule improves performance and portability, and prevents memory leaks.
A plug-in mechanism can set the order in which a client and server conduct a SASL conversation through the following flags:
SASL_FEAT_WANT_CLIENT_FIRST – The client side begins the interchange.
SASL_FEAT_WANT_SERVER_LAST – The server sends the final data to the client.
If neither flag is set, the mechanism plug-in sets the order internally. In this case, the mechanism must check both the client and server for data that needs to be sent. Note that the situation where the client sends first is only possible when the protocol permits an initial response.
The case in which the server sends last requires that the plug-in set *serverout when the step function returns SASL_OK. Those mechanisms that never have the server send last must set *serverout to NULL. Those mechanisms that always have the server send last need to point *serverout to the success data.