On Wed, Apr 02, 2003 at 04:12:10PM -0600, Jim Ramsay wrote: > Here's the list I have so far of things I think it should do:
I thought of another possibility for the backend. I don't know if this is used anywhere, or if it's useful as an alternative to a cleartext password file, but what about supporting on the backend a password-coughup program. I mean a program that takes an arg (username) and delivers to stdout or stderr or fd#3 the cleartext password of the username. This would be somewhat similiar to 'checkpassword' authentication, except that it could also support cram_md5 authentication as it returns the cleartext password. Should I bother thinking about this further, or is it a useless idea? I suppose another option to support other authentication schemes with cram_md5 would be to implement a brute-force password checker that would guess the user's password using a dictionary attack or just incremental generation (try 'a', then 'b', and so on), authenticate it against a source, then use it in the cram_md5 validation. Okay, maybe not. -- Jim Ramsay [EMAIL PROTECTED] PGP Key ID: 0xBE28F488 _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
