[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Encrypted password patch
From: |
Milan Zamazal |
Subject: |
Re: Encrypted password patch |
Date: |
25 Jun 2001 00:17:23 +0200 |
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.0.103 |
>>>>> "RM" == Rick Macdonald <address@hidden> writes:
RM> Would TkGnats just send the plain text password to gnatsd, and
RM> gnatsd would do the encryption/validation?
Yes, nothing changes in the (gnatsd) interface.
RM> Does gnatsweb send clear text passwords to gnatsd or does it do
RM> something better?
I think it sends clear text passwords.
RM> I recall people complaining (a few years ago) not only of plain
RM> text passwords in the gnatsd config but also the transfer of
RM> plain text passwords to gnatsd as well.
Yes, that might be a reason to complain. However sending encrypted
passwords over network is not much better. I think a good solution
might be a system level solution -- making a secured channel (through
some port redirection or so) between Gnatsweb and gnatsd. A less
my-servers-and-clients-only oriented solution might be to let gnatsd sit
behind a simple ssh script on some port and to add the support to
Gnatsweb, TkGnats and the Emacs interface to communicate via ssh with
the server.
Another solution is to use Kerberos (GNATS has got support for it though
I've no idea whether it works or not), but the Kerberos support might be
difficult to implement in non-C clients which talk to gnatsd directly.
But I'm not a security expert nor I seriously work as a sysadmin last
years, so I'd better let speak someone more competent in this area.
Regards,
Milan Zamazal
--
SomeProgrammersLikeWritingLikeThis.However,IDontThinkThisFormOfCommunicationIs\
AGoodIdea.IApologizeToAllWhoCantReadMyTextsWrittenInAClassicStyle.
Re: Encrypted password patch, Yngve Svendsen, 2001/06/26