Also does not seem dictated in docs nor comments. De-facto it is a string pointer, in some code constrained by a SMALLBUF sized character array, where SMALLBUF is a macro currently defined to 512.
Looking on a larger scale, it seems the server-client code currently passes it in the open (safety subject to ssl tunnel) and compares as strings. A valid future improvement (in code and protocol) could be to support transferring (and storing in config?) hashed values, one-time salt exchange, etc. similar to how a modern `passwd` does it. Just needs someone to design, implement and thoroughly yest it (in our many clients, libs, bindings...) and keeping in mind that if we keep a degree of backwards compatibility (would be good) without a toggle in clients and servers for only-safe auth exchange (would be folly), then a rogue server claiming to be an old NUT would easily collect plaintext servers by the legacy-compatible code. Not sure if the I-D should consider this from the start, even if we have no design or PoC for practical implementation (I mean, this wheel was invented many times so inspirations can be found, but at least myself won't commit to that in a short-mod term). If someone well-versed can propose the usable protocol side for safe(r) password exchange with a way to reject plaintext auth eventually (new keyword instead of current PASSWORD sounds like a viable approach to have one or the other or both implemented or returning an ERR if not supported), that would be great. Current NUT would work in fallback auth protocol mode then, until the future dawns on it and we actually implement the new protocol :) Jim On Wed, Apr 6, 2022, 09:39 Roger Price <[email protected]> wrote: > Is there a maximum length for a password in NUT? Should I specify 15 or > 31 > characters in the grammmar? > > The IETF are wedded to US ASCII, where character = byte, so I will ignore > the > question of multibyte characters. > > Roger > > _______________________________________________ > Nut-upsuser mailing list > [email protected] > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser >
_______________________________________________ Nut-upsdev mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsdev
