Date: Mon, 01 Jun 1998 16:11:16 -0700
From: Mike Smith <mike@smith.net.au>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, Eivind Eklund <eivind@yes.no>, "J.A. Terranson" <sysadmin@mfn.org>, "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: MD5 v. DES?
Message-ID: <199806012311.QAA01886@dingo.cdrom.com>
In-Reply-To: Your message of "Mon, 01 Jun 1998 21:57:29 +0200." <5630.896731049@critter.freebsd.dk>

> In message <Pine.BSF.3.96.980601154152.4784E-100000@fledge.watson.org>, Robert
> Watson writes:
>
> >> I have been considering if we shouldn't introduce a
> >>
> >>     int checkuserpassword(char *user, char *password);
> >>
> >> in some library, rather than having all these programs know that
> >> you should strcmp after calling crypt(). This would allow us to
> >> do what you propose or RADIUS authentication for that matter...
> >
> >I personally dislike this idea -- where does this leave one-time-password
> >users, etc?
>
> Perfectly safe as always. All it does is to make sure that you don't have
> to modify, ftpd, telnetd, login, popper, and uhm... what is the last one,
> I keep forgetting, Hmm.....

Actually, it sucks. See PAM and the XSSO stuff for some better
directions, but basically it still loses.

The principal difficulty is that many more sophisticated password
schemes are challenge-response based, eg. s/key, SecurID, etc. There's
no easy way for the authenticator to backchat with the user, which is
often required (but not always possible, eg. POP3).

--
\\ Sometimes you're ahead,       \\ Mike Smith
\\ sometimes you're behind.      \\ mike@smith.net.au
\\ The race is long, and in the  \\ msmith@freebsd.org
\\ end it's only with yourself.  \\ msmith@cdrom.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
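
The difficulty raised in this message, as an added sketch that is not part of the original e-mail or of any FreeBSD code: a one-shot call in the shape of the proposed checkuserpassword() can only replay a string fixed in advance, while a challenge-response scheme has to show the user a prompt before a reply can exist. The names conv_fn, auth_password, auth_challenge, conv_fixed, conv_token and check_oneshot, the toy response function and all values are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical conversation callback: deliver a prompt, collect the reply. */
typedef int (*conv_fn)(const char *prompt, char *reply, size_t len, void *ctx);
#define TOY_KEY 4242u   /* constructed shared secret; toy scheme, not s/key */
static unsigned toy_response(unsigned c) { return (c * 31u + TOY_KEY) % 100000u; }

/* Static-password scheme: one prompt, reply checked against a stored value.
   Real code compares crypt() output; plaintext keeps this sketch short. */
int auth_password(const char *user, conv_fn conv, void *ctx) {
    char reply[64];
    (void)user;
    if (conv("Password: ", reply, sizeof reply, ctx) != 0) return 0;
    return strcmp(reply, "constructed-pw") == 0;
}

/* Challenge-response scheme: the correct reply depends on the challenge in
   the prompt (fixed per user here; a real challenge is fresh each time). */
int auth_challenge(const char *user, conv_fn conv, void *ctx) {
    char prompt[64], reply[64];
    unsigned challenge = 1000u + (unsigned)strlen(user);
    snprintf(prompt, sizeof prompt, "Challenge %u, response: ", challenge);
    if (conv(prompt, reply, sizeof reply, ctx) != 0) return 0;
    return strtoul(reply, NULL, 10) == toy_response(challenge);
}

/* Conversation that ignores the prompt and replays a fixed string: all a
   checkuserpassword(user, password) style call can offer a scheme. */
int conv_fixed(const char *prompt, char *reply, size_t len, void *ctx) {
    (void)prompt;
    snprintf(reply, len, "%s", (const char *)ctx);
    return 0;
}

/* Conversation that reads the challenge out of the prompt and answers it. */
int conv_token(const char *prompt, char *reply, size_t len, void *ctx) {
    unsigned challenge;
    (void)ctx;
    if (sscanf(prompt, "Challenge %u", &challenge) != 1) return -1;
    snprintf(reply, len, "%u", toy_response(challenge));
    return 0;
}

/* One-shot wrapper in the shape proposed in the thread, over any scheme. */
int check_oneshot(int (*scheme)(const char *, conv_fn, void *),
                  const char *user, const char *password) {
    return scheme(user, conv_fixed, (void *)password);
}
```

The one-shot wrapper works for the static scheme only; a protocol with no channel for the prompt (the POP3 case mentioned above) is limited to conv_fixed-style replies.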