- From: Dave Kristol <dmk@allegra.att.com>
- Date: Mon, 17 Jul 95 11:06:21 EDT
- To: cshotton@biap.com
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
cshotton@biap.com (Chuck Shotton) said: > >[Dave Kristol said:] > >Fair enough. How about using the server-name in place of realm, then? > >(After all, it's possible two webmasters might choose the same realm > >name on different servers, isn't it!) That would render the same > >username/password combination unique on different machines. So the > >stored hash would be: > > H(<username> : <server-domain-name> : <password>) > > This isn't any better, given that one user may have multiple occurences of > the same name and password for different realms. (It happens!) The best > would be a combination of host domain name and realm name. True enough. But encoding the realm name (along with host domain name) in the stored string would return me to the dilemma I had before: what if I need/want to change domain name? The entire password file becomes invalid. Dave Kristol
Received on Monday, 17 July 1995 08:16:28 UTC