incoming.conf length limits
Jeffrey M. Vinocur
jeff at litech.org
Sun Jan 19 07:22:45 UTC 2003
On Sat, 18 Jan 2003, Erik Klavon wrote:
> On Fri, Jan 17, 2003 at 02:15:13PM -0500, Todd Olson wrote:
> > e) Currently authentication can happen in one of two ways
> > i) via sidecar
> > ii) nntp auth / Kerberos proxy
> > (id/password sent from reader to server via nntp
> > (server validates id/password via kerberos
> > We are trying to move away from ii as clear text password
> > over a network are a bad idea
>
> You can get around the clear text password problem by requiring that
> all connections be made via SSL.
There are, btw, two issues there:
- not many clients have support for SSL at this point
- fundamentally you don't want to be exposing your kerberos password to
anybody except the domain controller, even if the link is encrypted,
just on principle
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the inn-workers
mailing list