On Mon, 2007-08-20 at 15:02 -0400, David Bolen wrote:
Julien Peeters
writes: In theory all is possible. But it's an other challenge that to find a good and clean way to do it :-).
I interested in all propositions if someone have any ideas.
Maybe I missed it, but it sounded like "it" was just using an alternate hashing algorithm, for which an approach towards doing that is what I think we've covered, no?
I'm sorry, I done an English mistake may be (I'm not a native english speaker). When I talked about another "challenge", I talked about the support of any credentials (different from username/password). I agree that the use of different hashing algorithm is trivial. However, that's important to notice that the credentials at the client side have to hash the password given by the user, if this last one is given as clear text.
Perhaps it might be clearer if you restated your needs and/or goal for an alternate method of authentication - that might prompt more helpful responses.
In the end, my main interest is to be able to use any credentials I want. By for the moment, use any hashing algorithm is already positive ;-) . Julien.