From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/73750 Path: news.gmane.org!not-for-mail From: James Cloos Newsgroups: gmane.emacs.gnus.general Subject: Re: AUTH=PLAIN support Date: Sun, 31 Oct 2010 17:31:05 -0400 Message-ID: References: <871v77fp3p.fsf@pcuds33.cern.ch> <87pqure8hr.fsf@pcuds33.cern.ch> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1288560870 12385 80.91.229.12 (31 Oct 2010 21:34:30 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sun, 31 Oct 2010 21:34:30 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M22119@lists.math.uh.edu Sun Oct 31 22:34:26 2010 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1PCfXm-0007nK-2F for ding-account@gmane.org; Sun, 31 Oct 2010 22:34:26 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1PCfXi-0003wo-Cv; Sun, 31 Oct 2010 16:34:22 -0500 Original-Received: from mx2.math.uh.edu ([129.7.128.33]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1PCfXg-0003wV-MU for ding@lists.math.uh.edu; Sun, 31 Oct 2010 16:34:20 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx2.math.uh.edu with esmtp (Exim 4.72) (envelope-from ) id 1PCfXb-0001dF-D1 for ding@lists.math.uh.edu; Sun, 31 Oct 2010 16:34:20 -0500 Original-Received: from eagle.jhcloos.com ([207.210.242.212]) by quimby.gnus.org with esmtp (Exim 3.36 #1 (Debian)) id 1PCfXa-0007d0-00 for ; Sun, 31 Oct 2010 22:34:14 +0100 Original-Received: by eagle.jhcloos.com (Postfix, from userid 10) id 7395E40180; Sun, 31 Oct 2010 21:33:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=eagle; t=1288560852; bh=FABY4KwN5So13ndritKCI4tTGP56IwxPqYhymRcPvHY=; h=From:To:Subject:In-Reply-To:References:Date:Message-ID: MIME-Version:Content-Type; b=TfBjUMH2WvzjMm9ehiH937UkCPOvWkkspEiwM/XewZi/U6JkLqsqRzfFYzVQ/SsAi s5p/e9WkMeW2V7GlHWrY77OT9qNae4eCE9pRI2tzKDDiwHcUwr298ZS0XzJB9jlkej BSHIl7N/vd2xZNh6vRF5lZTC7xGUDb1v4BJSXAaY= Original-Received: from carbon (localhost [127.0.0.1]) by carbon.jhcloos.org (Postfix) with ESMTP id 81A791E9F31 for ; Sun, 31 Oct 2010 21:31:05 +0000 (UTC) In-Reply-To: (Lars Magne Ingebrigtsen's message of "Sun, 31 Oct 2010 16:52:08 +0100") User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux) Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABHNCSVQICAgIfAhkiAAAAI1J REFUOE+lU9ESgCAIg64P1y+ngUdxhl5H8wFbbM0OmUiEhKkCYaZThXCo6KE5sCbA1DDX3genvO4d eBQgEMaM5qy6uWk4SfBYfdu9jvBN9nSVDOKRtwb+I3epboOsOX5pZbJNsBJFvmQQ05YMfieIBnYX FK2N6dOawd97r/e8RjkTLzmMsiVgrAoEugtviCM3v2WzjgAAAABJRU5ErkJggg== Copyright: Copyright 2009 James Cloos OpenPGP: ED7DAEA6; url=http://jhcloos.com/public_key/0xED7DAEA6.asc OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6 Original-Lines: 27 X-Hashcash: 1:30:101031:ding@gnus.org::T334lhQk5ArTqmk/:000/GeDn X-Spam-Score: -2.0 (--) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:73750 Archived-At: >>>>> "LMI" == Lars Magne Ingebrigtsen writes: LMI> It seems kinda weird, though. AUTHENTICATE PLAIN is just basically a LMI> base64-encoded version of LOGIN, so I'm not quite understanding what the LMI> point is... I'm sure the discourse went something like: TLSsupporter> kill off LOGIN! kill off LOGIN! kill off LOGIN! StatusQuo> But we need to auth against out /etc/shadow, and that StatusQuo> requires the user send their secret to the server and AUTH=PLAIN was the compromize. And the TLS guys should prefer TLS client cert aaa anyway. On the plus side, it does allow the separation of authentication and authorization realms, so that, eg, the each support tech at example.com could log in to the support@example.com account as themselves. That would allow the audit logs to show exactly who did what. But, yes, otherwise it is just /different/ than LOGIN, not better. -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6