Subject: Re: Encrypted logins, configuration, The Chooser, etc.
From: Leland Wallace (randall@apple.com)
Date: Mon Mar 12 2001 - 18:26:14 EST
On Monday, March 12, 2001, at 03:16 PM, Michael Clark wrote:
> <SNIP>
>> DHCast128 -- aka DHX, a 128 bit key is generated by Diffie-Hellman key agreement,
>>    a 64 byte password is sent encrypted by the above key using CAST-128. Weak
>>    against Man in the Middle attacks. This one is gaining popularity and is
>>    supported in Mac OS X.
>
> Okay, so I guess DHX has no need for clear text passwords stored on the server
> (as is required with the 'network-secure' UAMs such as 2-way randnum) - can I
> use PAM right?
AFAIK yes, and I think that's what the current DHX implementations allow. Once the
password is decrypted on the server side, you can do anything you want with it.
Hope this helps
Leland
+-----------------------------------------------------------------------------------
Leland Wallace           Working in            AppleShare Engineering
randall@apple.com    but not speaking for      Apple Computer Inc.
http://www2.inow.com/~randall
+-----------------------------------------------------------------------------------
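
The flow discussed in this message, as an added example that is not part of the original thread or of any DHX implementation: a Diffie-Hellman agreement yields a 128-bit key, the client sends a fixed 64-byte encrypted password field, and the server decrypts it and checks it against a salted hash (standing in for PAM), so no cleartext password is stored. Assumptions: the toy group, the NUL padding, the SHA-256 keystream used in place of CAST-128 (which the Python standard library lacks), and all function names are constructed for illustration.

```python
import hashlib, hmac, secrets

# Constructed toy group, NOT the real DHX parameters (assumption): 2**127 - 1 is prime.
P, G = 2**127 - 1, 3
FIELD = 64  # fixed-size password field described in the thread

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # The shared secret is below 2**127, so it is used directly as the 128-bit key.
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def stand_in_cipher(key, data):
    # Stand-in for CAST-128: XOR with a SHA-256 keystream (encrypt == decrypt).
    blocks = -(-len(data) // 32)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def client_encrypt(key, password):
    raw = password.encode()
    if len(raw) > FIELD:
        raise ValueError("password longer than the 64-byte field")
    return stand_in_cipher(key, raw.ljust(FIELD, b"\0"))  # NUL padding is an assumption

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def server_login(key, blob, salt, stored_hash):
    if len(blob) != FIELD:
        return False
    try:
        password = stand_in_cipher(key, blob).rstrip(b"\0").decode()
    except UnicodeDecodeError:
        return False
    # The server now holds the plaintext, so any verifier works: here a salted
    # hash comparison stands in for handing the password to PAM.
    return hmac.compare_digest(hash_password(password, salt), stored_hash)

def demo(typed, enrolled="correct horse"):
    salt = b"constructed-salt"            # constructed sample value
    stored = hash_password(enrolled, salt)  # only the hash is kept server-side
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    # Neither public value is authenticated, which is the man-in-the-middle
    # weakness noted in the thread; the transport must supply that assurance.
    blob = client_encrypt(session_key(c_priv, s_pub), typed)
    return server_login(session_key(s_priv, c_pub), blob, salt, stored)
```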
This archive was generated by hypermail 2b28 : Sun Oct 14 2001 - 03:04:34 EDT