Date: Sun, 18 Mar 2001 14:40:19 -0500 From: "Matthew Emmerton" <matt@gsicomp.on.ca> To: "Nick Sayer" <nsayer@quack.kfu.com>, <stable@freebsd.org> Subject: Re: What about SRP auth for telnet and ftp? [was Re: SRA auth ] Message-ID: <007c01c0afe3$45bdfd90$1200a8c0@gsicomp.on.ca> References: <LNBBIBDBFFCDPLBLLLHFAEENJHAA.juha@saarinen.org> <006e01c0af4b$b0f6dbb0$1200a8c0@gsicomp.on.ca> <3AB4D50F.1060704@quack.kfu.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Matthew Emmerton wrote: > > > Would anyone be interested in seeing SRP functionality added? > The nice thing about patching telnet to add authentication > types is that the actual patching is fairly limited -- the code just > sort of lays alongside the rest in libtelnet. Yes, that's a definite plus when it comes to maintainance! > But if you're going to bother, the first thing you should do is add some > better session encryption. The telnetd that comes with the SRP distribution supports a ton of stuff, including SSL/TLS, DES3 and CAST. A quick scan shows that the majority of code uses a BSD-style licence, which is good. I'll have to hook up with the telnetd maintainer on this. The only monkey wrench is that SRP uses a new password-file format (Exponential Password Suite). I'm thinking that the better way is to add support for 'eps' passwords via /etc/login.conf (just as md5 and des passwords are supported), and ensure that the appropriate libraries are around to handle this case. -- Matt Emmerton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007c01c0afe3$45bdfd90$1200a8c0>