Federico Giannici <[EMAIL PROTECTED]> wrote:
> I have noticed that the "lower_pass = after" configuration command is
> implemented simply executing a second time the entire sequence of
> authorization/authentication operations.
Yes. The feature is a hack, and should be removed from the server
Alan DeKok wrote:
Federico Giannici <[EMAIL PROTECTED]> wrote:
I have noticed that the "lower_pass = after" configuration command is
implemented simply executing a second time the entire sequence of
authorization/authentication operations.
Yes. The feature is a hack, and should be removed f
Federico Giannici <[EMAIL PROTECTED]> wrote:
> Hummm...
> Do you want to remove only the "after" option (the real hack) or the
> entire command?
Both. The "after" thing runs the packet through the server twice,
which is problematic. The "lower_pass" thing can be done in a module.
Alan DeKo
On 3/27/04 12:26 AM, [EMAIL PROTECTED] (Alan DeKok) wrote:
>> Do you want to remove only the "after" option (the real hack) or the
>> entire command?
>
> Both. The "after" thing runs the packet through the server twice,
> which is problematic. The "lower_pass" thing can be done in a module.
I
Alan DeKok wrote:
Federico Giannici <[EMAIL PROTECTED]> wrote:
Hummm...
Do you want to remove only the "after" option (the real hack) or the
entire command?
Both. The "after" thing runs the packet through the server twice,
which is problematic. The "lower_pass" thing can be done in a module
Mike Lampson <[EMAIL PROTECTED]> wrote:
> > Both. The "after" thing runs the packet through the server twice,
> > which is problematic. The "lower_pass" thing can be done in a module.
>
> I would urge you *not* to do this. We SHA1 encrypt our lowercased,
> MySQL-stored passwords. We then lower
6 matches
Mail list logo
