[Standards-JIG] certificate and private key retrieval

maqi at jabberstudio.org maqi at jabberstudio.org
Wed Mar 17 15:52:12 UTC 2004


On Wed, 17 Mar 2004, Ian Paterson wrote:

> So, to enable compatibility with some 'legacy' or shared authentication
> systems, the auth protocol would need to allow the server to specify exactly
> which hash algorithm the client must apply to the real password to turn it
> into the 'pseudo-plaintext' password?

I'm not sure that all auth systems allow retrieval of the hash as this can
be a security risk (for example, on Unix passwords are often stored in
/etc/shadow [which is not readable by the public] instead of /etc/passwd).
Probably there are systems which only implement a function like
  boolean checkPwd(String user, String passwd)
...

Regards
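
The constraint raised in this message, as an added example that is not part of the original post: a backend that exposes only a check function cannot take part in a scheme where the client hashes the password itself, because the server never sees the stored hash or its salt. The class names, the SHA-256 "pseudo-plaintext" derivation and the HMAC challenge-response are assumptions chosen for illustration.

```python
import hashlib, hmac, os

def pseudo_plaintext(password: str, salt: bytes) -> bytes:
    # Hash the server would have to name for the client (SHA-256 is an assumption).
    return hashlib.sha256(salt + password.encode()).digest()

class CheckOnlyBackend:
    """Mirrors checkPwd(user, passwd): a yes/no answer, stored hashes stay private."""
    def __init__(self):
        self._db = {}
    def add_user(self, user, password):
        salt = os.urandom(16)
        self._db[user] = (salt, pseudo_plaintext(password, salt))
    def check_pwd(self, user, passwd):
        if user not in self._db:
            return False
        salt, stored = self._db[user]
        return hmac.compare_digest(stored, pseudo_plaintext(passwd, salt))

class HashReadableBackend(CheckOnlyBackend):
    """Hypothetical backend that also lets the server read salt and stored hash."""
    def get_hash(self, user):
        return self._db[user]

def client_response(password, salt, nonce):
    # Client derives the pseudo-plaintext and proves knowledge of it for this nonce.
    key = pseudo_plaintext(password, salt)
    return hmac.new(key, nonce, hashlib.sha256).digest()

def server_verify_digest(backend, user, nonce, response):
    # Requires the stored hash, so it cannot work on a check-only backend.
    if not hasattr(backend, "get_hash"):
        raise NotImplementedError("backend cannot return the stored hash")
    _, stored = backend.get_hash(user)
    expected = hmac.new(stored, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def server_verify_plaintext(backend, user, password):
    # Only option with a check-only backend: the real password reaches the server.
    return backend.check_pwd(user, password)
```

In the hash-readable variant the stored hash is password-equivalent: anyone who reads it can answer the challenge, which is the exposure that keeping hashes in /etc/shadow is meant to limit.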


