On Friday 24 February 2006 15:58, Michael Sullivan wrote: > Based on what I read at the link you sent me, I think what I want is the > following: > > CRAM-MD5: Protects the password in transit against eavesdroppers. > Somewhat good support in clients. > > The problem is that the web site doesn't tell me how to create a > CRAM-MD5 password database...
CRAM-MD5 isn't a good choice. The password is sent as a hash, based on a randomly generated per connection string. This means you have no choice but to have the password in plain text on the server to check against. Like kashani says, use tls/ssl. -- Mike Williams -- gentoo-user@gentoo.org mailing list
