On 07/23/2013 01:54 PM, Augustin Wolf wrote:
I agree. The only acceptable solution would be one way hash, but this wouldn't be much help, unless OpenLdap supports it.
If the system stored a one-way hash of a "password," and that hash were usable as an authentication token, then the one-way has IS a plain-text password.
"Plain text" means that the content is usable without a key. A key might be an encryption passphrase entered on a terminal, or it might be an external crypto device that can transform a key into a usable form.
Common alternate authentication token types include an encrypted key file (such as ssh uses) or smart cards, or other PKCS #11 devices that can do challenge/response authentication.
In short, if a file can be used to authenticate a service without a key, then it's plain text.
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
