Bill Sommerfeld wrote:
> On Tue, 2007-08-14 at 21:31 -0700, Alan Wright wrote:
>
> > We can introduce a configuration parameter of the form below,
> > which would allow an administrator to control the authentication
> > mechanisms offered by the NDMP server during the negotation phase.
> >
> > ndmp_auth={all|cram-md5|plain-text}
> >
> > all: All available authentication mechanisms are
> > offered. The client can select from the list.
> >
> > cram-md5: CRAM-MD5 only.
> >
> > plain-text: plain text only.
>
> This parameter syntax can only reasonably cope with two mechanisms.
> while there may only be two at this time, this may not be true forever.
> If we later support a hypothetical CRAM-SHA256, how do I say I want to
> allow CRAM-SHA256 and CRAM-MD5 but not plaintext?
The value can be extended to a list:
ndmp_auth=cram-md5,cram-sha256,...
> > NDMP clients don't offer the end-user an option to select an
> > authentication mechanism and only support a single username
> > and password. Without a client-side interface to control which
> > authentication mechanism the client should choose, I don't
> > think there is any value in supporting multiple passwords.
>
> that presumes we will never deliver an NDMP client of our own, which
> seems like a bad assumption.
Shouldn't we wait until that development happens and consider the
requirements at that time rather than trying to anticipate them now?
The NDMP protocol might have advanced in the interim and moved in
a different direction.
Alan
