On Thu, Feb 20, 2003 at 06:17:37AM -0800, John Rudd wrote:
> > > The same method works equally well for a SASL database of plaintext
> > > passwords. i.e. you can encrypt the whole lot with a symmetric cipher. When
> > > you need to authenticate someone, you decrypt the relevant password and run
> > > it through the CRAM algorithm.
> >
> > Yes, but, wasn't the original complaint that "this isn't being done", not
> > that "it cannot be done"? I didn't offer kerberos as "the only solution",
> > I offered it as a counter-example to the statement that the password has
> > to be in the clear somewhere.
>
> And, just to be clear, I'm also not offering kerberos as a "perfect
> solution". Just as a counter-example to the claim.

Quite understood :-) We just have a mixup in terminology I think. When I said "stored in cleartext" I meant that it had to be available on the server in cleartext; I did not mean to exclude the possibility of obscuring its value with 2-way encryption, but ultimately it has to be decrypted back to the cleartext value before you can use it in the algorithm. So the server has to "have" the cleartext value when it needs it, it doesn't have to "store" it like that in between times.

Regards,

Brian.
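
The distinction discussed in this thread, as an added example that is not part of the original messages or of Courier's code: a CRAM-MD5 (RFC 2195) server check over a password database kept under reversible encryption, next to a one-way-hashed copy that cannot answer the challenge. The account, challenge, function names and the HMAC-SHA256 counter-mode stand-in cipher are assumptions made for illustration.

```python
import hashlib, hmac, os

def cram_md5(secret: bytes, challenge: bytes) -> str:
    # CRAM-MD5 (RFC 2195): hex HMAC-MD5 over the challenge, keyed with the password.
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, XORed over the data.
    # A real deployment would use an authenticated cipher from a vetted library.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, password: bytes) -> bytes:
    # Encrypt one password for storage; a fresh nonce is prepended to the ciphertext.
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(password))
    return nonce + bytes(a ^ b for a, b in zip(password, stream))

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def server_verify(db: dict, key: bytes, challenge: bytes, response: str) -> bool:
    # response is the decoded client reply: "<username> <hex digest>"
    user, _, digest = response.rpartition(" ")
    if user not in db:
        return False
    password = unseal(key, db[user])  # cleartext exists only here, in memory
    expected = cram_md5(password, challenge)
    return hmac.compare_digest(expected.encode(), digest.encode())

def demo():
    key = os.urandom(32)                          # database encryption key
    db = {"alice": seal(key, b"correct horse")}   # constructed sample account
    challenge = b"<1234.5678@mail.example.com>"   # constructed challenge
    good = "alice " + cram_md5(b"correct horse", challenge)
    bad = "alice " + cram_md5(b"wrong guess", challenge)
    # A server holding only a one-way hash cannot rebuild the expected digest:
    hash_only = cram_md5(hashlib.sha256(b"correct horse").digest(), challenge)
    return (server_verify(db, key, challenge, good),
            server_verify(db, key, challenge, bad),
            hash_only == good.split(" ")[1],
            b"correct horse" in db["alice"])

if __name__ == "__main__":
    print(demo())
```

Anyone who obtains both the database and the key recovers every password, so the key needs at least the protection the cleartext file would have needed.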
