"Frank Ch. Eigler" <[EMAIL PROTECTED]> writes:
> Having scanned over the discussion again, my understanding is that Jim's
> proposed changes don't affect backwards compatibility.  As long as user
> passwords continue to be passed in plaintext to the server, the server
> can store encrypted passwords in the authentication table.

The 'passwd' mode wouldn't be affected, but the 'crypt' mode would be;
it would become less secure than it is now, because the server would be
forced to send the same salt always, and so a captured encrypted
password would be just as useful as a captured plaintext one.  That's
the step backwards.

                        regards, tom lane
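
The difference described in the message above can be checked with a small model. This is an added example, not part of the original email or of the project's code. It assumes the current 'crypt' mode stores the plaintext and picks a fresh salt per connection, and it uses salted SHA-256 as a stand-in for crypt(3); the class and function names are hypothetical.

```python
import hashlib
import secrets


def crypt_standin(password: str, salt: bytes) -> str:
    # Stand-in for crypt(3) (assumption): any salted one-way function
    # shows the same property.
    return hashlib.sha256(salt + password.encode()).hexdigest()


class RandomSaltServer:
    """Plaintext in the table, so a new salt can be sent on every connection."""

    def __init__(self, password: str):
        self.stored = password
        self.salt = b""

    def challenge(self) -> bytes:
        self.salt = secrets.token_bytes(16)  # salt size is an assumption
        return self.salt

    def verify(self, response: str) -> bool:
        expected = crypt_standin(self.stored, self.salt)
        return secrets.compare_digest(response, expected)


class FixedSaltServer:
    """crypt(password, salt) in the table, so that one salt is sent every time."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)  # fixed when the password is set
        self.stored = crypt_standin(password, self.salt)

    def challenge(self) -> bytes:
        return self.salt

    def verify(self, response: str) -> bool:
        # The wire response is compared directly with the stored value.
        return secrets.compare_digest(response, self.stored)


def replay_accepted(server, password: str) -> bool:
    """Record one valid response, then present the same bytes on a new connection."""
    captured = crypt_standin(password, server.challenge())
    if not server.verify(captured):
        raise RuntimeError("legitimate login failed")
    server.challenge()  # second connection: server issues its challenge again
    return server.verify(captured)
```

With the fixed salt, the value on the wire is identical to the stored verifier, so it authenticates on every later connection; with a per-connection salt the recorded response no longer matches.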
