Re: Encrypted password patch

[Milan Zamazal]

>>>>> "RM" == Rick Macdonald <address@hidden> writes:

    RM> Would TkGnats just send the plain text password to gnatsd, and
    RM> gnatsd would do the encryption/validation?

Yes, nothing changes in the (gnatsd) interface.

    RM> Does gnatsweb send clear text passwords to gnatsd or does it do
    RM> something better?

I think it sends clear text passwords.

    RM> I recall people complaining (a few years ago) not only of plain
    RM> text passwords in the gnatsd config but also the transfer of
    RM> plain text passwords to gnatsd as well.

Yes, that might be a reason to complain.  However sending encrypted
passwords over network is not much better.  I think a good solution
might be a system level solution -- making a secured channel (through
some port redirection or so) between Gnatsweb and gnatsd.  A less
my-servers-and-clients-only oriented solution might be to let gnatsd sit
behind a simple ssh script on some port and to add the support to
Gnatsweb, TkGnats and the Emacs interface to communicate via ssh with
the server.

Another solution is to use Kerberos (GNATS has got support for it though
I've no idea whether it works or not), but the Kerberos support might be
difficult to implement in non-C clients which talk to gnatsd directly.

But I'm not a security expert nor I seriously work as a sysadmin last
years, so I'd better let speak someone more competent in this area.

Regards,

Milan Zamazal

-- 
SomeProgrammersLikeWritingLikeThis.However,IDontThinkThisFormOfCommunicationIs\
AGoodIdea.IApologizeToAllWhoCantReadMyTextsWrittenInAClassicStyle.