From owner-freebsd-hackers  Sat Jun 22 15:43:36 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22])
	by hub.freebsd.org (Postfix) with ESMTP id 7413537B400
	for <freebsd-hackers@freebsd.org>; Sat, 22 Jun 2002 15:43:26 -0700 (PDT)
Received: from pool0523.cvx21-bradley.dialup.earthlink.net ([209.179.194.13] helo=mindspring.com)
	by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 17Ltb9-00050Z-00; Sat, 22 Jun 2002 15:43:16 -0700
Message-ID: <3D14FD5D.3BBA407@mindspring.com>
Date: Sat, 22 Jun 2002 15:42:37 -0700
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Cyrus vs. UW IMAP (was: Re: I Volunteer)
References: <200206221729.g5MHTeJZ082215@orthanc.ab.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Lyndon Nerenberg wrote:
>     Terry> Personally, I think SASL should have specified that you
>     Terry> crypt(3) the passwords, and then use the resulting hash as
>     Terry> the password value for the shared secret on both ends.  At
>     Terry> least that way, you would not have to pass cleartext to use
>     Terry> the UNIX account database.
> 
> The problem with this is that if you serve up your password database via
> NIS an attacker can grab the crypt()ed password and use it to perform a
> forged authentication.

I understand this.  Which is why you don't use NIS, or at least
do not make it externally accessible.  The exchange would have to
include the salt, anyway, or the client couldn't crypt the value
to the correct hash.

The point is really to allow all the SASL methods to be used by a
client, when all the server has is a UNIX password database.

Even you've got to admit that storing crypted passwords on the
server is better than permitting unprivilged applications access
to the plaintext passwords.  8-).


> Note that in the next revision of the IMAP4 spec STARTTLS will
> be mandatory to implement.

Yeah, this is incredibly bogus.  The proper way of handling this
is SSL.  It's very easy to man-in-the-middle a session that
starts out unencrypted when a STARTTLS goes by for SMTP; it is
just as easy for anything else that uses that rather bogus method.
8-(.

-- TErry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message