1 |
On Friday 24 February 2006 15:58, Michael Sullivan wrote: |
2 |
> Based on what I read at the link you sent me, I think what I want is the |
3 |
> following: |
4 |
> |
5 |
> CRAM-MD5: Protects the password in transit against eavesdroppers. |
6 |
> Somewhat good support in clients. |
7 |
> |
8 |
> The problem is that the web site doesn't tell me how to create a |
9 |
> CRAM-MD5 password database... |
10 |
|
11 |
CRAM-MD5 isn't a good choice. |
12 |
The password is sent as a hash, based on a randomly generated per connection |
13 |
string. This means you have no choice but to have the password in plain text |
14 |
on the server to check against. |
15 |
Like kashani says, use tls/ssl. |
16 |
|
17 |
-- |
18 |
Mike Williams |
19 |
-- |
20 |
gentoo-user@g.o mailing list |