I was thinking about Radiator's CHAP support a little.
Clear text passwords are a bad idea, we all know it.
How about a two-way encryption added to Radiator for these passwords?
For CHAP, decrypt the password before it's needed. This would be a compromise, I think.
When stored in an LDAP directory entry, it could have {CHAP} prefixed to distinguish
it from other
userPasssword values. The key for a two-way encryption would be stored in a file. If
need to be fancy,
store a random key per user in a database, or LDAP directory to make passwords even
harder to steal.
This is needed because some people are forced to use CHAP (since large aggregators
won't switch their NASes
on customers' requests to PAP first, CHAP second.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
