[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd -d9 --- Invalid credentials

Kurt D. Zeilenga wrote:
> Let me repeat using different words which Howard and others have
> already explained to you.
> Password-based mechanisms require the client to knowledge of
> the actual password.  That password is either provided by a
> human or read from a password store.
I know this gets OT but shouldn't that read:

challenge-response based mechanisms (such as CRAM-MD5, DIGEST-MD5)
require the cleartext password to be stored on client and server?

It is my understanding you can have cleartext passwords on the wire
(sasl PLAIN, LOGIN, simple_bind,...) and store hashes on the server side
*OR* secure exchange of credentials with challenge-response mechanisms
(*-MD5) which require cleartext passwords on both sides. You cannot have