Thanks for your comments, Michael.

I don't know how this works (obviously). Let me back up and explain what I'm
doing. I have a web site hosted on a machine at my company and the sysadmins
did not want to let me use the Microsoft FTP server because it sent passwords
in plaintext, so they installed Serv-U instead and turned on the MD5 option at
the server. Before they set the MD5 option, both the FTP Voyager client and my
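Perl code:

 use Net::FTP;

 # Net::FTP->new reports a failed connection in $@, not $!
 my $ftp = Net::FTP->new($ftp_server)
     or die "can't connect to ftp server at $ftp_server: $@";
 # A rejected login leaves the server's reply in $ftp->message
 $ftp->login($ftp_username, $ftp_password)
     or die "can't login to ftp server at $ftp_server with user $ftp_username: " . $ftp->message;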

could log me in to the FTP Server. After they set the MD5 option on the server,
I could not log on with FTP Voyager, until I selected the MD5 option, then it
worked again. 

My question was, how do I change the Perl code to do the same thing? But your
comments tell me that I really don't understand what's happening or how the
authorization is supposed to work. Thanks.

John


> > The FTP Server has been changed to use MD5 encryption
> 
> I don't understand how this is relevant.  Even if the FTP server supports
> hashing passwords using MD5 you should still need to send the password in
> plaintext over the network.  The only differences are the ability to specify
> longer passwords, and how the password is hashed in the FTP server's
> password file.
>
> 
> > I also connect using the FTP Voyager client and I had to check the MD5
> > option to get it to work.
> 
> This doesn't make much sense.  If your FTP server really requires the
> password be sent over the network as an MD5 hash then your password is
> actually the MD5 hash; that is the authentication token being used, and
> sniffing that and replaying it will give someone access to the FTP server.
> 
> In other words, this MD5 hashing of passwords by your FTP server sounds
> fishy.  What FTP server are you using?  Are you certain it requires
> passwords sent over the network as an MD5 hash, or is it just how it stores
> the passwords in its password file (or database)?
> 
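
The replay concern raised in the quoted reply, as an added example that is not part of the original thread: a server that accepts md5(password) as the login token next to one that issues a one-time nonce. Both schemes, the account and the sub names are hypothetical and are not Serv-U's or FTP Voyager's actual protocol.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha256_hex);

# Constructed sample account; the server stores only the MD5 of the password.
my $password = 'correct horse';
my %stored   = (john => md5_hex($password));

# Scheme A (hypothetical): the client sends md5(password) as its login token.
sub static_login {
    my ($user, $token) = @_;
    return (defined $stored{$user} && $token eq $stored{$user}) ? 1 : 0;
}

# Scheme B (hypothetical): the server issues a one-time nonce and the client
# answers with HMAC-SHA256(key = md5(password), data = nonce).
my %pending;
sub issue_nonce {
    my ($user) = @_;
    # rand() keeps the demo dependency-free; a real server needs a CSPRNG.
    my $nonce = join '', map { sprintf '%02x', int rand 256 } 1 .. 16;
    $pending{$user} = $nonce;
    return $nonce;
}

sub challenge_login {
    my ($user, $response) = @_;
    my $nonce = delete $pending{$user};    # each nonce is consumed on first use
    return 0 unless defined $nonce && defined $stored{$user};
    return $response eq hmac_sha256_hex($nonce, $stored{$user}) ? 1 : 0;
}

my @verdict = ('rejected', 'accepted');

# Scheme A: the bytes a sniffer records are the same on every login.
my $sniffed_token = md5_hex($password);
print "static token, legitimate login: $verdict[ static_login('john', $sniffed_token) ]\n";
print "static token, replayed later:   $verdict[ static_login('john', $sniffed_token) ]\n";

# Scheme B: the recorded response only matches the nonce it was computed for.
my $nonce            = issue_nonce('john');
my $sniffed_response = hmac_sha256_hex($nonce, md5_hex($password));
print "challenge, legitimate login:    $verdict[ challenge_login('john', $sniffed_response) ]\n";
issue_nonce('john');                       # a later session gets a fresh nonce
print "challenge, replayed later:      $verdict[ challenge_login('john', $sniffed_response) ]\n";
```

The static token is accepted both times, while the recorded challenge response is rejected once the nonce has changed. In both schemes the stored MD5 value is still a password equivalent for anyone who obtains the server's password file.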

