nnrpd's Argify() and passwords with spaces
rra at stanford.edu
Wed Dec 19 21:58:30 UTC 2001
Jeffrey M Vinocur <jeff at litech.org> writes:
> Sure, that would be nice. But if we're going to add new extensions
> (which is probably the best thing to do? so we maintain compatibility
> with existing software?) we should keep in mind that plaintext passwords
> are bad.
> Maybe a challenge-response scheme? That would work nicely as part of a
> text-based protocol and not require any infrastructure changes.
You really, really want to use SASL. (Yes, I know, I'm a broken record.
I've been very tempted to just write up an Internet Draft for AUTHINFO
SASL a few times.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the inn-workers