On 12/27/08, Morten Christensen <mc-open...@mc.cx> wrote: > > I just never had username configuration before... I actually don't > > understand why you need it anyway.... :) > > > > We are combining a certificate without password with authentification > with the username and password of the servers. > I find that it has 2 advantages: > The user cannot change the password to something too short. > When the user forgets the password, it is easy to enter a new one > without the need far a new certificate.
OK... but the true protection is the cryptography... So the level of authentication is username/password. Have you tried the dummy scenario. Alon.
