On Fri, 16 Aug 2002, Murat Bicer wrote:
>Passwords are not stored plaintext.
>The authentication is plaintext.

Using Kerberos? You certainly need to store passwords in plaintext (or be
able to retrieve them in plaintext) to implement Kerberos.

>To avoid people capturing your passwords, you will encrypt the session
>using ssl or TLS.

I think you've misunderstood.. I'm talking about server implementation of
Kerberos. Have you implemented Kerberos before?

Andy

>Makes sense?
>Authorization by imapd will be using pamd.
>Murat
>
>Andreas Aardal Hanssen wrote:
>
>>Where would you store the plain text passwords?
>>
>>Andy
>>
>>On Fri, 16 Aug 2002, Murat Bicer wrote:
>>
>>>You can use stunnel and keep using plain text passwords.
>>>In which case you need to have an ssl certificate. Either you have to
>>>buy it or you take the risk of having a man in the middle attack.
>>>
>>>You can use also TLS which will require a certificate as well.
>>>
>>>Andreas Aardal Hanssen wrote:
>>>
>>>>Does anyone on this list have a safe way of providing kerberos
>>>>authentication?
>>>>
>>>>I've thought of a couple of things:
>>>>
>>>>- storing passwords plain
>>>>
>>>>Obviously not a solution one would strive for, but there may be safe ways
>>>>to do this - retrieving password through an encrypted channel, forced
>>>>commands, etc etc
>>>>
>>>>- symmetric encryption, using private key owned by imap server /
>>>> user
>>>>
>>>>Well, the obvious problem here is that the key can get compromised.
>>>>
>>>>Andy

-- 
Andreas Aardal Hanssen
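Added example, not part of the thread: on the question of where a Kerberos server keeps its passwords, a Kerberos 5 KDC stores a long-term key produced by the string-to-key function, from which the password cannot be recovered. The Go below (written for this page, not taken from any Kerberos implementation) is the RFC 3962 string-to-key for the aes128/aes256-cts-hmac-sha1-96 enctypes using only the standard library; the 128-bit n-fold of "kerberos" is the RFC 3961 Appendix A constant, and the salt convention (realm followed by principal components) is the RFC's.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
)

// pbkdf2SHA1 is PBKDF2 with HMAC-SHA1 (RFC 2898), written out so this example needs only the standard library.
func pbkdf2SHA1(password, salt []byte, iter, keyLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		mac := hmac.New(sha1.New, password)
		mac.Write(salt)
		binary.Write(mac, binary.BigEndian, block) // INT(i), big-endian block index
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ { // U_2 .. U_c, XORed into T_i
			mac = hmac.New(sha1.New, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// aesString2Key is the RFC 3962 string-to-key for aes128/aes256-cts-hmac-sha1-96 (keyLen 16 or 32):
// tkey = PBKDF2(password, salt, iter, keyLen); key = DK(tkey, "kerberos"). Salt is normally realm + principal.
func aesString2Key(password, salt string, iter, keyLen int) ([]byte, error) {
	tkey := pbkdf2SHA1([]byte(password), []byte(salt), iter, keyLen)
	c, err := aes.NewCipher(tkey)
	if err != nil {
		return nil, err
	}
	// DR(tkey, "kerberos"): K1 = E(tkey, nfold("kerberos")), K(i+1) = E(tkey, Ki), concatenated to keyLen
	// bytes. On one 16-byte block CTS is a plain AES block encryption; random-to-key is the identity for AES.
	blk, _ := hex.DecodeString("6b65726265726f737b9b5b2b93132b93") // 128-bit n-fold("kerberos"), RFC 3961 App. A
	key := make([]byte, 0, keyLen)
	for len(key) < keyLen {
		c.Encrypt(blk, blk)
		key = append(key, blk...)
	}
	return key[:keyLen], nil
}
```

With the RFC 3962 Appendix B inputs (password "password", salt "ATHENA.MIT.EDUraeburn", one iteration) the function reproduces the published AES-128 and AES-256 keys; what the KDC stores is that key, not the pass phrase.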
