Re: Generic challenge-repsonse aunetication in ssh2

[Chris Newman]

On Tue, 9 Feb 1999, William H. Geiger III wrote:
> Nothing personal but with M$'s track record when it comes to security the
> last thing I would want to use it one of their OS's password services.

I sympathize.  But site administrators who have to manage users don't want
to have two password databases.  So if you actually want your software
used, it's important it can at least share the same backend database as
other software which authenticates users.

If you invent a challenge response mechanism with it's own custom backend
password verifier format, then you've just made life harder for everyone.

                - Chris