On Wed, 2003-02-19 at 21:54, John Rudd wrote:
> On Wednesday, Feb 19, 2003, at 15:05 US/Pacific, Brian Candler wrote:
> 
> > I am not quite sure what you're getting at. You cannot design a
> > password-based authentication system where there is neither a 
> > 'cleartext'
> > shared secret at the server, nor a 'cleartext' password sent over the 
> > wire.
> 
> Bzzt.  Wrong.  Thanks for playing.
> 
> Use Kerberos, with Kerberized POP, SASL Kerberos v4, or SASL Kerberos 
> v5.
> 
> It does _EXACTLY_ what your first paragraph says you cannot design, and 
> does so without public-key authentication.

No it doesn't.

> 1) the keys are encrypted in the KDC, not plain text

You're mistaken.  The KDC stores plain text passwords.  The password is
what it uses as the encryption key on tickets.  How else do you think
they are encrypted by the KDC and then decrypted only by the user
requesting the TGT?
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#weakness

> 2) the mechanism is 'shared secret' based

Which means that the server and the user both know the password.  They
share that secret.




_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
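Added example, not part of the thread: a toy model of the Kerberos AS exchange (client asks the KDC for a TGT) that makes the "shared secret" point concrete. Both the KDC and the client derive the same long-term key from the password, so the KDC database entry is a password-equivalent secret even though, in the model (as in MIT Kerberos), it holds the derived key protected at rest by a master key rather than the password string, and the password itself never crosses the wire. The realm name, the PBKDF2 stand-in for string2key, the HMAC-based toy cipher, and the absence of pre-authentication are all assumptions of this demo, not real Kerberos formats or enctypes.

```python
"""Toy model of the Kerberos AS exchange: the KDC hands out a TGT inside a
reply sealed under the client's long-term key, which both sides derive from
the password.  Illustration only; not real Kerberos wire formats or enctypes."""
import hashlib
import hmac
import json
import os

REALM = "EXAMPLE.ORG"  # assumed realm name for the demo


def string2key(password: str, salt: str) -> bytes:
    """Stand-in for Kerberos string2key (PBKDF2 here; real enctypes differ).
    The only property that matters: the key is a deterministic function of
    the password, so the KDC database entry is password-equivalent."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000, 32)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC (HMAC-SHA256 counter mode + HMAC tag)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    def __init__(self):
        self.master_key = os.urandom(32)  # protects principal keys at rest
        self.tgs_key = os.urandom(32)     # krbtgt key; TGTs are sealed under it
        self.db = {}                      # principal -> sealed long-term key

    def add_principal(self, principal: str, password: str) -> None:
        # kadmin derives the long-term key and stores it encrypted under the
        # master key.  The password string is not kept, but anyone who can
        # unseal this entry holds everything needed to impersonate the user.
        self.db[principal] = seal(self.master_key, string2key(password, REALM + principal))

    def as_exchange(self, principal: str) -> bytes:
        # AS-REQ carries only the name (no pre-authentication, as in Kerberos
        # v4 or v5 without preauth).  AS-REP is readable only with the
        # long-term key, so the password never crosses the wire.
        k_client = unseal(self.master_key, self.db[principal])
        session_key = os.urandom(32)
        tgt = seal(self.tgs_key, json.dumps({"cname": principal, "skey": session_key.hex()}).encode())
        return seal(k_client, json.dumps({"skey": session_key.hex(), "tgt": tgt.hex()}).encode())


def client_login(kdc: KDC, principal: str, password: str):
    """Client side: recompute the long-term key locally and open the AS-REP."""
    rep = json.loads(unseal(string2key(password, REALM + principal), kdc.as_exchange(principal)))
    return bytes.fromhex(rep["skey"]), bytes.fromhex(rep["tgt"])


def offline_guess(kdc: KDC, principal: str, candidates):
    """Eavesdropper with one captured AS-REP: try passwords offline until one
    unseals it.  This is the classic weakness of a password-derived key with
    no pre-authentication."""
    captured = kdc.as_exchange(principal)
    for pw in candidates:
        try:
            unseal(string2key(pw, REALM + principal), captured)
            return pw
        except ValueError:
            continue
    return None


def demo() -> dict:
    kdc = KDC()
    kdc.add_principal("alice", "correct horse battery")  # constructed demo principal
    skey, tgt = client_login(kdc, "alice", "correct horse battery")
    # The KDC can later open the TGT and recover the same session key.
    same_session_key = bytes.fromhex(json.loads(unseal(kdc.tgs_key, tgt))["skey"]) == skey
    try:
        client_login(kdc, "alice", "wrong password")
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    guessed = offline_guess(kdc, "alice", ["password", "letmein", "correct horse battery"])
    return {"same_session_key": same_session_key, "wrong_rejected": wrong_rejected, "guessed": guessed}


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the three outcomes: a correct password opens the AS-REP and yields a TGT the KDC itself can open; a wrong password fails the MAC check; and an eavesdropper holding one AS-REP can test password guesses offline, which is why a password-derived key counts as a shared secret whether it sits in the KDC database or in the user's head.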
