Re: Using crypt passwords

From: Ken Murchison (ken at oceana dot com)
Date: Thu Jun 03 2004 - 07:42:47 EDT

  • Next message: The Shell: "SASL added principles to Kerberos cache but returned error."

    Branko F. Grac(nar wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Ken Murchison wrote:
    >
    >
    >>>Thanks!
    >>>But why is the patch not included in the main distribution?
    >>
    >>
    >>Because this patch will break all of the non-plaintext mechanisms. If
    >>we receive a patch which uses a separate property for the crypted
    >>password, we would probably consider including it.
    >
    >
    > Hello.
    >
    > My patch has 'password_format' property. if this property is not set,
    > cleartext passwords are used by default.

    I realize that, but its still reusing the userPassword property. Not
    only is that property used for plaintext authentication mechanisms, but
    its also used for the shared secret mechs as well (DIGEST-MD5, CRAM-MD5,
    NTLM). I can almost guarantee that somebody will ask why they can't use
    DIGEST-MD5 even though they have a (crypted) userPassword.

    Whether this patch gets applied to CVS or not is ultimately Rob's call,
    but I believe he and I are on the same page.

    -- 
    Kenneth Murchison     Oceana Matrix Ltd.
    Software Engineer     21 Princeton Place
    716-662-8973 x26      Orchard Park, NY 14127
    --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
    

  • Next message: The Shell: "SASL added principles to Kerberos cache but returned error."





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD