[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Password database

Subject: Re: [cobalt-users] Password database
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Fri Jan 26 20:42:26 2001
Organization: nobaloney.net
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

"Rodolfo J. Paiz (E-mail)" wrote:

> > On RAQ3 password database, is there a way for me to know all
> > the passwords created by my clients for their sites/e-mails?
> > I would be migrating my RAQ3 sites to a new server and wouldn't
> > want my clients to recreate all their e-mails.
> 
> No. And hopefully there never will be; would *you* want any sysadmin to
> be able to get your password?

Doesn't really matter, since the sysadmin could read any file s/he
wanted to.

The real reason to not have available passwords would be so that
crackers couldn't get 'em.

> However, it occurs to me that you could copy the encrypted password
> without knowing it, and things would still work the same. Can anyone
> validate this?

Works fine if both computer use the same password hashing scheme. 
Doesn't work when moving from a RaQ3 to RH7, at least not if you set the
password hashing scheme to allow long passwords.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205

References:
- RE: [cobalt-users] Password database
  - From: Rodolfo J. Paiz \(E-mail\)

Prev by Date: Re: [cobalt-users] extra noise
Next by Date: Re: [cobalt-users] Attention List users....
Previous by thread: RE: [cobalt-users] Password database
Next by thread: RE: [cobalt-users] Password database

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index