On 17/09/2012, at 3:54 AM, Sam Hartman <[log in to unmask]> wrote:
> OK. It adds a fair bit of code and complexity to mech_eap.
> This is particularly true because we then need to add a credential
> database to the acceptor's EAP server. GSS doesn't have a good way to
> handle that; that's actually one of the problems with using a GSS
> interface to a mechanism like SCRAM.
I don't know how stable the on-disk format is, but we could use the Cyrus saslpasswd2 format; that avoids having to ship tools.
-- Luke
|