Re: patch DIGEST-MD5 hashed password

help-gsasl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: patch DIGEST-MD5 hashed password

From:	Simon Josefsson
Subject:	Re: patch DIGEST-MD5 hashed password
Date:	Tue, 02 Sep 2008 13:14:24 +0200
User-agent:	Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

"Gazsó Attila" <address@hidden> writes:

> Hello,
>
> I am writing a jabber server and using the GNU SASL library for
> authentication. I didn't want to store plaintext passwords, so I
> created a patch for 0.2.28. I downloaded the tar.gz because I could
> not compile the git repository version because of version dependencies
> to the gettext package.
>
> This patch essentialy add a new callback type (GSASL_HPASSWORD) which
> contains H(username,':',realm,':',password) as a hex string. It can be
> conveniently stored in that form in a flat file or a database, that's
> why I chose this form. Furthermore I added three helper functions to
> digest-md/server.c to make the hex/binary conversion.
>
> I hope that this patch will appear soon in the library, because I
> would like to use it on production servers too.

Hello Attila!  I like the idea.  I think the property should be called
GSASL_HASHED_DIGEST_MD5_PASSWORD instead though, since other mechanism
may use different hashed passwords.

To be able to include your patch, we need a copyright assignment for it.
I'll send it to you separately.

Thanks,
Simon

[Prev in Thread]

Current Thread

[Next in Thread]

patch DIGEST-MD5 hashed password, Gazsó Attila, 2008/09/01
- Re: patch DIGEST-MD5 hashed password, Simon Josefsson <=

Prev by Date: patch DIGEST-MD5 hashed password
Next by Date: Re: Compiling problem for gsasl-0.2.28 on Solaris 10
Previous by thread: patch DIGEST-MD5 hashed password
Next by thread: Re: Compiling problem for gsasl-0.2.28 on Solaris 10
Index(es):
- Date
- Thread