From owner-freebsd-security  Wed Jun  3 06:05:44 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA07618
          for freebsd-security-outgoing; Wed, 3 Jun 1998 06:05:44 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from homeport.org (lighthouse.homeport.org [205.136.65.198])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA07586
          for <freebsd-security@FreeBSD.ORG>; Wed, 3 Jun 1998 06:05:33 -0700 (PDT)
          (envelope-from adam@homeport.org)
Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id IAA06307; Wed, 3 Jun 1998 08:59:54 -0400 (EDT)
From: Adam Shostack <adam@homeport.org>
Message-Id: <199806031259.IAA06307@homeport.org>
Subject: Re: MD5 v. DES?
In-Reply-To: <199806030808.BAA11430@cwsys.cwsent.com> from Cy Schubert - ITSD Open Systems Group at "Jun 3, 98 01:08:29 am"
To: cschuber@uumail.gov.bc.ca
Date: Wed, 3 Jun 1998 08:59:53 -0400 (EDT)
Cc: robert+freebsd@cyrus.watson.org, phk@critter.freebsd.dk, eivind@yes.no,
        sysadmin@mfn.org, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

TIS wrote one of these that isn't bad as long as you don't let the
protocol cross the network.  It was part of the firewall toolkit.
Since a number of vendors support that, it would be nice to be
compatible with it.

With a little effort, the protocol could be revised to tie the 'ok'
messages to the rest of the system, and it could be made network safe.

Adam



Cy Schubert - ITSD Open Systems Group wrote:
| > environment, it might be desirable to have an "authentication daemon" that
| > listens on a unix domain socket (or such).  Daemons like CMU's imapd
| 
| This looks like a nice clean approach, however what if the daemon (or 
| something else for that matter) is broken?  I suppose falling back to a 
| primitive level of authentification, e.g. only /etc/passwd, to ensure 
| that the system is not totally hosed.
| 
| Any thoughts?
| 
| 
| Regards,                       Phone:  (250)387-8437
| Cy Schubert                      Fax:  (250)387-5766
| Open Systems Group          Internet:  cschuber@uumail.gov.bc.ca
| ITSD                                   Cy.Schubert@gems8.gov.bc.ca
| Government of BC            
| 
| 
| 
| 
| To Unsubscribe: send mail to majordomo@FreeBSD.org
| with "unsubscribe security" in the body of the message
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message