In message <[EMAIL PROTECTED]>, Rob Siemborski writes:
>On Mon, 13 Jan 2003, Ted Cabeen wrote:
>> Would it be possible to add an option that makes cyrus print bad passwords in
>> the log file? I know that there is a slight security issue with revealing
>> the incorrect passwords that users attempt to use, but doing telephone Tech
>> Support without it is difficult.
>>
>> I have a patch that does this, but it doesn't make it into a settable option.
>
>No, it isn't possible. At least not generally.
>
>For example, you can't extract passwords from DIGEST-MD5 and CRAM-MD5 SASL
>mechanisms, and the concept doesn't even make sense with the Kerberos
>mechanisms.

Duh. Of course.

>If you're only worried about the plaintext mechanisms, the right place to
>put this is in sasl_checkpass (in libsasl).

Good thought. I'll look there.

-- 
Ted Cabeen           http://www.pobox.com/~secabeen           [EMAIL PROTECTED]
Check Website or Keyserver for PGP/GPG Key BA0349D2           [EMAIL PROTECTED]
"I have taken all knowledge to be my province." -F. Bacon     [EMAIL PROTECTED]
"Human kind cannot bear very much reality."-T.S.Eliot         [EMAIL PROTECTED]
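
Added example, not part of the original thread and not Cyrus or libsasl code: it shows what a server can recover from one failed login under SASL PLAIN versus CRAM-MD5, which is why only the plaintext mechanisms have a password that could be logged. The function names are hypothetical, the challenge and secret are the sample values from RFC 2195, and the mistyped password is constructed.

```python
import base64
import hashlib
import hmac

# Challenge and shared secret are the sample values from the RFC 2195 example.
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
SECRET = "tanstaaftanstaaf"

def plain_response(user, password):
    """Client: SASL PLAIN sends authzid NUL authcid NUL password."""
    return base64.b64encode(f"\0{user}\0{password}".encode())

def cram_md5_response(user, password, challenge):
    """Client: CRAM-MD5 sends the user name and HMAC-MD5(password, challenge)."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def server_view(mech, wire):
    """Everything the server can recover from one client response."""
    raw = base64.b64decode(wire)
    if mech == "PLAIN":
        _authzid, user, password = raw.split(b"\0", 2)
        return {"user": user.decode(), "attempted_password": password.decode()}
    if mech == "CRAM-MD5":
        user, digest = raw.decode().rsplit(" ", 1)
        return {"user": user, "digest": digest, "attempted_password": None}
    raise ValueError(f"unsupported mechanism: {mech}")

def cram_md5_verify(stored_secret, challenge, wire):
    """Server: recompute the digest from its own copy of the secret and compare."""
    expected = hmac.new(stored_secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, server_view("CRAM-MD5", wire)["digest"])

if __name__ == "__main__":
    typo = "tanstaaftanstaff"  # constructed mistyped password
    for mech, wire in (("PLAIN", plain_response("tim", typo)),
                       ("CRAM-MD5", cram_md5_response("tim", typo, CHALLENGE))):
        print(mech, server_view(mech, wire))
    print("verifies:", cram_md5_verify(SECRET, CHALLENGE,
                                       cram_md5_response("tim", typo, CHALLENGE)))
```
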