Date: Sat, 22 Jun 2002 15:42:37 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Cyrus vs. UW IMAP (was: Re: I Volunteer)
Message-ID: <3D14FD5D.3BBA407@mindspring.com>
References: <200206221729.g5MHTeJZ082215@orthanc.ab.ca>
Lyndon Nerenberg wrote:

> Terry> Personally, I think SASL should have specified that you
> Terry> crypt(3) the passwords, and then use the resulting hash as
> Terry> the password value for the shared secret on both ends. At
> Terry> least that way, you would not have to pass cleartext to use
> Terry> the UNIX account database.
>
> The problem with this is that if you serve up your password database via
> NIS an attacker can grab the crypt()ed password and use it to perform a
> forged authentication.

I understand this. Which is why you don't use NIS, or at least do not
make it externally accessible.

The exchange would have to include the salt, anyway, or the client
couldn't crypt the value to the correct hash.

The point is really to allow all the SASL methods to be used by a
client, when all the server has is a UNIX password database.

Even you've got to admit that storing crypted passwords on the server
is better than permitting unprivileged applications access to the
plaintext passwords. 8-).

> Note that in the next revision of the IMAP4 spec STARTTLS will
> be mandatory to implement.

Yeah, this is incredibly bogus. The proper way of handling this is
SSL. It's very easy to man-in-the-middle a session that starts out
unencrypted when a STARTTLS goes by for SMTP; it is just as easy for
anything else that uses that rather bogus method. 8-(.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
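The downgrade risk Terry describes is mitigated on the client side by failing closed: never send credentials unless TLS was actually negotiated. The following is an added example, not code from the thread or from Cyrus or UW IMAP; it drives the pre-TLS part of an IMAP session against constructed in-memory server transcripts and raises instead of continuing in cleartext when STARTTLS is missing or refused.

```python
"""Fail-closed STARTTLS negotiation for an IMAP client (added example).

An intermediary that strips the STARTTLS capability from the CAPABILITY
response, or answers the STARTTLS command with NO/BAD, must produce an
error here rather than a plaintext LOGIN. Transcripts are constructed.
"""
import re
from typing import Callable, List


class DowngradeError(Exception):
    """Raised when TLS cannot be established before credentials are sent."""


_CAP_RE = re.compile(r"^\* CAPABILITY (?P<caps>.*)$", re.M)


def require_starttls(readline: Callable[[], str], send: Callable[[str], None]) -> List[str]:
    """Read greeting, request CAPABILITY, then demand a successful STARTTLS.

    Returns the pre-TLS capability list on success. The caller must then wrap
    the socket with a certificate-verifying TLS context and re-issue
    CAPABILITY, since anything advertised before TLS is untrusted."""
    greeting = readline()
    if not greeting.startswith("* OK"):
        raise DowngradeError(f"unexpected greeting: {greeting!r}")
    send("a001 CAPABILITY\r\n")
    lines = []
    while True:
        line = readline()
        lines.append(line)
        if line.startswith("a001 "):          # tagged completion of CAPABILITY
            break
    m = _CAP_RE.search("\n".join(lines))
    caps = m.group("caps").split() if m else []
    if "STARTTLS" not in caps:
        raise DowngradeError("STARTTLS not advertised; refusing cleartext session")
    send("a002 STARTTLS\r\n")
    reply = readline()
    if not reply.startswith("a002 OK"):
        raise DowngradeError(f"STARTTLS rejected: {reply!r}")
    return caps


def run_transcript(server_lines):
    """Feed constructed server lines; return (capabilities or error, commands sent)."""
    it, sent = iter(server_lines), []
    try:
        return require_starttls(lambda: next(it), sent.append), sent
    except DowngradeError as err:
        return err, sent


# Constructed transcripts: an honest server and one seen through a stripping MITM.
HONEST_SERVER = ["* OK IMAP4rev1 ready", "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
                 "a001 OK done", "a002 OK begin TLS"]
STRIPPED_SERVER = ["* OK IMAP4rev1 ready", "* CAPABILITY IMAP4rev1 AUTH=PLAIN", "a001 OK done"]
```

Implicit TLS on port 993 (the "SSL" approach Terry prefers) avoids the cleartext phase entirely; where STARTTLS must be used, this fail-closed check plus certificate verification is the minimum.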