diff --git a/ChangeLog b/ChangeLog
index c72ab58cf..234097299 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-04-28  Alexey Shchepin  <alexey@sevcom.net>
+
+	* src/cyrsasl.erl: Bugfix: anonymous authentication was always
+	enabled
+
 2006-04-27  Mickael Remond  <mickael.remond@process-one.net>
 
 	* src/ejabberd_ctl.erl: The status now only returns "started" if
diff --git a/src/cyrsasl.erl b/src/cyrsasl.erl
index 4b040bee2..f8e548826 100644
--- a/src/cyrsasl.erl
+++ b/src/cyrsasl.erl
@@ -104,16 +104,21 @@ server_new(Service, ServerFQDN, UserRealm, SecFlags,
 		check_password = CheckPassword}.
 
 server_start(State, Mech, ClientIn) ->
-    case ets:lookup(sasl_mechanism, Mech) of
-	[#sasl_mechanism{module = Module}] ->
-	    {ok, MechState} = Module:mech_new(
-				State#sasl_state.myname,
-				State#sasl_state.get_password,
-				State#sasl_state.check_password),
-	    server_step(State#sasl_state{mech_mod = Module,
-					 mech_state = MechState},
-			ClientIn);
-	_ ->
+    case lists:member(Mech, listmech(State#sasl_state.myname)) of
+	true ->
+	    case ets:lookup(sasl_mechanism, Mech) of
+		[#sasl_mechanism{module = Module}] ->
+		    {ok, MechState} = Module:mech_new(
+					State#sasl_state.myname,
+					State#sasl_state.get_password,
+					State#sasl_state.check_password),
+		    server_step(State#sasl_state{mech_mod = Module,
+						 mech_state = MechState},
+				ClientIn);
+		_ ->
+		    {error, "no-mechanism"}
+	    end;
+	false ->
 	    {error, "no-mechanism"}
     end.
 
@@ -140,5 +145,5 @@ server_step(State, ClientIn) ->
 filter_anonymous(Host, Mechs) ->
     case ejabberd_auth_anonymous:is_sasl_anonymous_enabled(Host) of
 	true  -> Mechs;
-	false -> Mechs -- "ANONYMOUS"
+	false -> Mechs -- ["ANONYMOUS"]
     end.