nnrpd's Argify() and passwords with spaces

Russ Allbery rra at stanford.edu
Wed Dec 19 21:58:30 UTC 2001


Jeffrey M Vinocur <jeff at litech.org> writes:

> Sure, that would be nice.  But if we're going to add new extensions
> (which is probably the best thing to do? so we maintain compatibility
> with existing software?) we should keep in mind that plaintext passwords
> are bad.

> Maybe a challenge-response scheme?  That would work nicely as part of a
> text-based protocol and not require any infrastructure changes.

You really, really want to use SASL.  (Yes, I know, I'm a broken record.
*wry grin*)

I've been very tempted to just write up an Internet Draft for AUTHINFO
SASL a few times.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the inn-workers mailing list