incoming.conf length limits

Jeffrey M. Vinocur jeff at litech.org
Sun Jan 19 07:22:45 UTC 2003


On Sat, 18 Jan 2003, Erik Klavon wrote:

> On Fri, Jan 17, 2003 at 02:15:13PM -0500, Todd Olson wrote:
> >     e) Currently authentication can happen in one of two ways
> >           i) via sidecar
> >          ii) nntp auth / Kerberos proxy
> >                (id/password sent from reader to server via nntp
> >                (server validates id/password via kerberos
> >         We are trying to move away from ii as clear text password
> >         over a network are a bad idea
> 
> You can get around the clear text password problem by requiring that
> all connections be made via SSL.

There are, btw, two issues there:
- not many clients have support for SSL at this point
- fundamentally you don't want to be exposing your kerberos password to
  anybody except the domain controller, even if the link is encrypted,
  just on principle

-- 
Jeffrey M. Vinocur
jeff at litech.org



More information about the inn-workers mailing list