From owner-freebsd-security  Sat May 30 14:02:11 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA02649
          for freebsd-security-outgoing; Sat, 30 May 1998 14:02:11 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.119.24.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA02455
          for <freebsd-security@FreeBSD.ORG>; Sat, 30 May 1998 14:00:32 -0700 (PDT)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.8.7/8.8.7) with ESMTP id VAA13668;
	Sat, 30 May 1998 21:00:28 GMT
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id WAA06137;
	Sat, 30 May 1998 22:58:47 +0200 (MET DST)
Message-ID: <19980530225842.57628@follo.net>
Date: Sat, 30 May 1998 22:58:42 +0200
From: Eivind Eklund <eivind@yes.no>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: "J.A. Terranson" <sysadmin@mfn.org>,
        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: MD5 v. DES?
References: <19980530203204.34537@follo.net> <20473.896555907@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <20473.896555907@critter.freebsd.dk>; from Poul-Henning Kamp on Sat, May 30, 1998 at 09:18:27PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, May 30, 1998 at 09:18:27PM +0200, Poul-Henning Kamp wrote:
> I have been considering if we shouldn't introduce a 
> 
> 	int checkuserpassword(char *user, char *password);
> 
> in some library, rather than having all these programs know that
> you should strcmp after calling crypt().  This would allow us to
> do what you propose or RADIUS authentication for that matter...

I think the basic idea is good.  It is not required for what I
proposed - that will work perfectly well as a normal hash - but I'd
still like to abstract.

However, wouldn't it be advantageous to be able to do other forms of
authentication too, like tokens etc?  These might require a challenge,
and an API to handle this.  I'm tolkd PKCS#11 (reference paper from
RSA, Inc) contains an API-standard for it.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message