Subject: Re: Encrypted logins, configuration, The Chooser, etc.
From: Leland Wallace (randall@apple.com)
Date: Mon Mar 12 2001 - 18:26:14 EST
On Monday, March 12, 2001, at 03:16 PM, Michael Clark wrote:
> <SNIP>
>> DHCast128 -- aka DHX, a 128 bit key is generated by Diffie-Hellman key
>> agreement, a 64 byte password is sent encrypted by the above key using
>> CAST-128. Weak against Man in the Middle attacks. This one is gaining
>> popularity and is supported in Mac OS X.
>
> Okay, so I guess DHX has no need for clear text passwords stored on the
> server (as is required with the 'network-secure' UAMs such as 2-way
> randnum) - can I use PAM, right?

AFAIK yes, and I think that's what the current DHX implementations allow.
Once the password is decrypted on the server side, you can do anything you
want with it.

Hope this helps
Leland
+-----------------------------------------------------------------------------------
Leland Wallace Working in AppleShare Engineering
randall@apple.com but not speaking for Apple Computer Inc.
http://www2.inow.com/~randall
+-----------------------------------------------------------------------------------
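
Added example, not part of the original message and not code from any DHX implementation: a Python sketch of the storage difference discussed above, where a challenge-response UAM forces the server to keep the cleartext password while a scheme that delivers the password (as DHX does after decryption) lets the server keep only a salted hash or pass it to PAM. The Diffie-Hellman and CAST-128 transport is not modelled; the HMAC stand-in for the challenge-response UAM, the NUL padding of the 64 byte field, PBKDF2 as the hash, and all names are assumptions.

```python
import hashlib
import hmac
import os

FIELD_LEN = 64  # the message says DHX carries the password in a 64 byte field
USERS = {"alice": b"correct horse"}  # constructed sample account


def pad_field(password: bytes) -> bytes:
    """Fit a password into the fixed field (NUL padding is an assumption)."""
    if len(password) > FIELD_LEN:
        raise ValueError("password longer than field")
    return password.ljust(FIELD_LEN, b"\0")


def challenge_response(password: bytes, challenge: bytes) -> bytes:
    """Stand-in for a randnum-style UAM; HMAC-SHA256 is an assumption."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


class ChallengeServer:
    """Needs the cleartext password to recompute the expected response."""

    def __init__(self, users):
        self.cleartext = dict(users)

    def login(self, user, respond):
        challenge = os.urandom(8)
        expected = challenge_response(self.cleartext[user], challenge)
        return hmac.compare_digest(respond(challenge), expected)


class DeliveredPasswordServer:
    """DHX-style: receives the password itself, so a salted hash suffices."""

    def __init__(self, users):
        self.records = {}
        for user, password in users.items():
            salt = os.urandom(16)
            self.records[user] = (salt, self._hash(password, salt))

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

    def login(self, user, decrypted_field):
        password = decrypted_field.rstrip(b"\0")  # undo the assumed padding
        salt, stored = self.records[user]
        return hmac.compare_digest(self._hash(password, salt), stored)
```
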
This archive was generated by hypermail 2b28 : Sun Oct 14 2001 - 03:04:34 EDT