cf http://asg.web.cmu.edu/sasl/ ?
On Wed, Apr 12, 2000 at 11:59:19AM +0100, Peter Mount wrote:
> Thats why I said its for the future :-)
>
> I always use crypt if it's going outside the server, so some form of
> encrypted transport is required. Anyhow, the main reason I mentioned
> PAM, is that not every platform would have a password file (NT for
> example, although you can configure one in cygwin).
>
> Peter
>
> --
> Peter Mount
> Enterprise Support
> Maidstone Borough Council
> Any views stated are my own, and not those of Maidstone Borough Council.
>
>
>
> -----Original Message-----
> From: Hannu Krosing [mailto:hannu@tm.ee]
> Sent: Wednesday, April 12, 2000 10:47 AM
> To: Peter Mount
> Cc: 'Henk van Lingen'; pgsql-interfaces@postgresql.org
> Subject: Re: [INTERFACES] ODBC and crypted passwords
>
>
> Peter Mount wrote:
> >
> > One thing that may be useful, is not to check against the unix
> password
> > file, but to use PAM. That way, you could even authenticate against
> the
> > dreadded NT accounts, unix password file, dbm file etc...
> >
> > Anyhow, this is something to think about for the future ;-)
>
> IMHO this defeats the purpose of crypt - not to send plaintext passwords
>
> over the net.
>
> OTOH, it could be done over a secure (SSL/TLS) channel of course.
>
> -----------
> Hannu