| 1 |
On Friday 24 February 2006 15:58, Michael Sullivan wrote: |
| 2 |
> Based on what I read at the link you sent me, I think what I want is the |
| 3 |
> following: |
| 4 |
> |
| 5 |
> CRAM-MD5: Protects the password in transit against eavesdroppers. |
| 6 |
> Somewhat good support in clients. |
| 7 |
> |
| 8 |
> The problem is that the web site doesn't tell me how to create a |
| 9 |
> CRAM-MD5 password database... |
| 10 |
|
| 11 |
CRAM-MD5 isn't a good choice. |
| 12 |
The password is sent as a hash, based on a randomly generated per connection |
| 13 |
string. This means you have no choice but to have the password in plain text |
| 14 |
on the server to check against. |
| 15 |
Like kashani says, use tls/ssl. |
| 16 |
|
| 17 |
-- |
| 18 |
Mike Williams |
| 19 |
-- |
| 20 |
gentoo-user@g.o mailing list |
Archives