[Standards-JIG] Re: Re: JEP-0077: In-Band Registration
Piotr Szturmaj
gacek999 at tlen.pl
Mon Jul 17 14:33:46 CDT 2006
> RFC 3920 says we use SASL, which includes mechanisms such as Kerberos,
> DIGEST-MD5, and mutual authentication using X.509 certificates, etc. In
> general we are pushing people to use those methods rather than trying to
> upgrade the old methods documented in JEP-0078. If Kerberos, DIGEST-MD5,
> and X.509 are not secure enough for you, I suggest that you may have a
> future in IETF protocol development. ;-)
SASL is enough for authentication for me; you probably missed my whole point
;-) All I want is to store hashes on disk instead of plain text passwords
(even encrypted). Currently this is impossible because I need to specify the
original password instead of a hash (like in In-Band Registration). I *must*
store the original pass. Even if my client hashes it and uses this hash like a
password, I will lose the possibility to log in from another client. Let's assume
that passwords are hashed on the server side, so nobody (even the administrator) can
retrieve the password; that's OK. But anyone can do it on the client side. All I
want is to make it impossible.