Oh. I somehow read that Dan favored APOP.
On Fri, Feb 25, 2005, Paul J Stevens <[EMAIL PROTECTED]> said:
> I guess we all agree then: no apop for ldap-based authentication.
>
> Aaron Stone wrote:
>> On Thu, Feb 24, 2005, Dan Weber <[EMAIL PROTECTED]> said:
>>
>>>I'd suggest instead of APOP, us
I guess we all agree then: no apop for ldap-based authentication.
Aaron Stone wrote:
On Thu, Feb 24, 2005, Dan Weber <[EMAIL PROTECTED]> said:
I'd suggest instead of APOP, use POP3 over SSL. Storing passwords in
plaintext shouldn't be done in any context. Seriously.
Doesn't work if we do
On Thu, Feb 24, 2005, Dan Weber <[EMAIL PROTECTED]> said:
> I'd suggest instead of APOP, use POP3 over SSL. Storing passwords in
> plaintext shouldn't be done in any context. Seriously.
Doesn't work if we don't have control of the hashing type, as with LDAP.
Plus, APOP only handles the authent
I'd suggest instead of APOP, use POP3 over SSL. Storing passwords in
plaintext shouldn't be done in any context. Seriously.
Dan
On Sun, 13 Feb 2005 22:12:52 +0100, Paul J Stevens <[EMAIL PROTECTED]> wrote:
> I'm putting the finishing touches on authldap but need some feedback here. Am
> I correct in assuming that
> currently POP3 APOP only works if the password is stored cleartext in the
> database?
That't indeed the way
Hi all,
I'm putting the finishing touches on authldap but need some feedback here. Am I correct in assuming that
currently POP3 APOP only works if the password is stored cleartext in the database?
I don't see how we can support APOP with ldap. There's no shared secret, unless I store it cleart
