ietf-nntp Re: WG Review: Simple Authentication and Security
rra at stanford.edu
Mon Dec 9 17:51:32 PST 2002
Ken Murchison <ken at oceana.com> writes:
> Yes, this is a well known problem with infrastrctures which are based
> around a plaintext methodology. I guess your alternatives are to switch
> to something like Kereberos or try resurrecting Newman's DSS effort (or
> something similar) ietf-sasl. If the WG likes the idea, I'll volunteer
> to write the plugin for CMU SASL.
Kerberos doesn't help in Andrew's situation unless by using Kerberos you
mean converting all possible password databases that the server might need
to query to Kerberos, which doesn't work very well when the person running
the server doesn't control all of them.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp