2008/6/5 Aidan Skinner <[EMAIL PROTECTED]>:
> On Thu, Jun 5, 2008 at 2:47 PM, Gordon Sim <[EMAIL PROTECTED]> wrote:
>
>> Aidan Skinner wrote:
>>>
>>> I believe it does, although this bug/difference of interpretation
>>> wouldn't manifest itself for any sane password (it only happens with
>>> certain high characters). I've had a look through the SASL source and
>>> it doesn't seem to do anything funky with the password inside itself.
>>> What do you read the password in as?
>>
>> It's read in as essentially binary data into a std::string then passed to
>> cyrus via a c-string.
>
> Ah, so you don't do any of the funky charset conversion that's going
> on elsewhere then? That may be an issue to watch out for when you try
> to interop Java to C++, although it will likely only affect certain
> passwords if it is a problem at all.
>
>>> As an aside, do you support hashed password files?
>>
>> All support for authentication currently comes from what cyrus provides.
>> There's a config file in cpp/etc/sasl2 that authenticates against a db (an
>> example of which, containing guest user, is created during the dist build).
>>
>> Passwords are stored in the clear in the db though. Cyrus can also be set up
>> to authenticate against the host's userbase, ldap etc. I'm not _aware_ of any
>> option to authenticate an application specific hashed password file, but
>> that doesn't mean it's not there (it could be built as a cyrus module if
>> needed).
>
> Gotcha, just wondered. This all blew up because of the Java broker's
> slightly odd strategy for not storing passwords in plaintext on disk.

Not forgetting that the strategy is further compounded by not wanting
to send the password clear text across the network. If we ran SSL on
the connection the clear text password could be hashed by the server
using whatever means it needed to get to the hashed version it had on
disk.

> Thanks!
>
> - Aidan
> --
> aim/y!:aidans42 g:[EMAIL PROTECTED]
> http://aidan.skinner.me.uk/
> "We belong to nobody and nobody belongs to us. We don't even belong to
> each other."
>

--
Martin Ritchie
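The encoding dependence discussed in this thread, as an added example that is not part of the original messages or of either broker's code: a hashed password only matches across two implementations if both turn the characters into the same bytes first. SHA-256, the two candidate encodings and the sample passwords are assumptions chosen for illustration; the thread does not name the hash or the conversions involved.

```python
import hashlib
import unicodedata


def digest(password: str, encoding: str) -> str:
    """Hash the bytes one peer would see after its charset conversion."""
    return hashlib.sha256(password.encode(encoding)).hexdigest()


def mismatched(passwords, encodings=("utf-8", "iso-8859-1")):
    """Return the passwords whose digest depends on the encoding chosen."""
    bad = []
    for pw in passwords:
        try:
            digests = {digest(pw, enc) for enc in encodings}
        except UnicodeEncodeError:
            # One side cannot represent the password at all: certain mismatch.
            bad.append(pw)
            continue
        if len(digests) > 1:
            bad.append(pw)
    return bad


def canonical_digest(password: str) -> str:
    """One fixed rule for both peers: NFC-normalise, then encode as UTF-8."""
    normalised = unicodedata.normalize("NFC", password)
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


# Constructed sample passwords: plain ASCII, a Latin-1 high character
# (a-umlaut), and a character outside Latin-1 (euro sign).
SAMPLES = ["guest", "p\u00e4ssword", "pa\u20acsword"]

if __name__ == "__main__":
    # ASCII-only passwords hash identically; the other two do not.
    print("encoding-dependent:", mismatched(SAMPLES))
    composed = "p\u00e4ssword"      # precomposed a-umlaut
    decomposed = "pa\u0308ssword"   # 'a' followed by combining diaeresis
    # Same visible password, two code point sequences, one canonical digest.
    print(canonical_digest(composed) == canonical_digest(decomposed))
```

An interop test suite for two brokers would want at least one password from each of the three classes in `SAMPLES`, since ASCII-only test accounts such as `guest` cannot expose the difference.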
