- From: John Franks <john@math.nwu.edu>
- Date: Fri, 14 Jul 1995 23:42:26 -0500 (CDT)
- To: Alex Hopmann <hopmann@holonet.net>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
According to Alex Hopmann:

> >That helps, but I have a quibble. I would prefer not to tie the username
> >and password so strongly to a particular realm, because:
> > 1) I might like to change the name of the realm (if only slightly).
>
> I have to agree with this first quibble quite a bit. In an actual product
> implementation of message digest we have had some issues arise because if
> the server operator wants to change their realm, their entire user/password
> database suddenly becomes inoperative.

The reason that the realm is encoded with the user and password in the server password file is that people tend to reuse the same password. If only the username and password are encoded and put in the password file, then the maintainer of server A, knowing H(username:password) for his server, can use this to gain access to those documents on server B to which username has access. This is assuming that the user has the same password on both servers. It would be nice if every user used a different password for every account, but this is not realistic.

Nothing in the draft addresses the problem of how the user gets H(user:realm:password) into the server password file.

John Franks
Received on Friday, 14 July 1995 21:43:24 UTC
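The cross-server attack Franks describes, and the realm-rename breakage Hopmann complains about, as an added example that is not code from this message or from the draft under discussion. It assumes MD5 as H() and the RFC 2069-style response MD5(HA1:nonce:HA2), the form that was standardised later; the 1995 draft's exact response formula is not on the page. The server names, the user "alice" and her password are constructed sample data.

```python
import hashlib
import hmac
import secrets


def md5_hex(data: str) -> str:
    """MD5 over the UTF-8 bytes as lowercase hex (Digest's H()); assumed, see lead-in."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def ha1_with_realm(user: str, realm: str, password: str) -> str:
    """The file entry the draft proposes: H(user:realm:password)."""
    return md5_hex(f"{user}:{realm}:{password}")


def ha1_without_realm(user: str, password: str) -> str:
    """The alternative discussed in the thread: H(user:password), realm left out."""
    return md5_hex(f"{user}:{password}")


def client_ha1(user: str, realm: str, password: str, include_realm: bool) -> str:
    """What a genuine client computes from the cleartext password and the
    realm it was challenged with."""
    if include_realm:
        return ha1_with_realm(user, realm, password)
    return ha1_without_realm(user, password)


def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """Response in the RFC 2069 shape (no qop): MD5(HA1:nonce:HA2).

    Only HA1 goes in, never the password: whoever holds HA1 can answer any
    challenge for which that HA1 is the value the server expects.
    """
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class DigestServer:
    """Toy Digest server that keeps only HA1 per user in its password file."""

    def __init__(self, realm: str, include_realm: bool) -> None:
        self.realm = realm
        self.include_realm = include_realm
        self.passwd: dict[str, str] = {}  # the server password file: user -> HA1

    def enroll(self, user: str, password: str) -> None:
        # How HA1 gets into the file is exactly what the e-mail says the draft
        # leaves open; here we simply compute it from the cleartext at enrolment.
        self.passwd[user] = client_ha1(user, self.realm, password, self.include_realm)

    def challenge(self) -> str:
        return secrets.token_hex(16)  # fresh nonce per challenge

    def verify(self, user: str, method: str, uri: str, nonce: str, response: str) -> bool:
        ha1 = self.passwd.get(user)
        if ha1 is None:
            return False
        expected = digest_response(ha1, method, uri, nonce)
        return hmac.compare_digest(expected, response)


PASSWORD = "correct horse battery staple"  # constructed; reused on both servers
URI = "/private/report.html"


def cross_server_attack(include_realm: bool) -> bool:
    """The operator of server A reads alice's entry from A's password file and
    tries to authenticate to server B as alice. Returns True if B accepts."""
    server_a = DigestServer("Server A", include_realm)
    server_b = DigestServer("Server B", include_realm)
    server_a.enroll("alice", PASSWORD)
    server_b.enroll("alice", PASSWORD)

    stolen_ha1 = server_a.passwd["alice"]  # all A's operator ever sees
    nonce = server_b.challenge()
    forged = digest_response(stolen_ha1, "GET", URI, nonce)
    return server_b.verify("alice", "GET", URI, nonce, forged)


def login_after_realm_rename(include_realm: bool) -> bool:
    """Hopmann's quibble: the operator renames the realm but keeps the password
    file. Returns True if a genuine client can still log in."""
    server = DigestServer("Old Realm", include_realm)
    server.enroll("alice", PASSWORD)
    server.realm = "New Realm"  # renamed; stored HA1 values are untouched
    nonce = server.challenge()
    resp = digest_response(client_ha1("alice", server.realm, PASSWORD, include_realm),
                           "GET", URI, nonce)
    return server.verify("alice", "GET", URI, nonce, resp)


if __name__ == "__main__":
    for include_realm in (False, True):
        print(f"realm in HA1={include_realm}: A's operator accepted by B? "
              f"{cross_server_attack(include_realm)}; "
              f"login survives realm rename? {login_after_realm_rename(include_realm)}")
```

The point the code makes is that the stored value is a password-equivalent for whatever scope is hashed into it: with H(user:password), server A's file entry answers server B's challenges directly, without anyone recovering the password; with the realm included, the same entry is useless against B, at the cost that renaming the realm invalidates every existing entry.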