From 0441d265f2bb9da249c7abf333f0f771fadb4ab5 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 19:36:47 +0200 Subject: Adding upstream version 1:2.3.21+dfsg1. Signed-off-by: Daniel Baumann --- doc/wiki/Authentication.txt | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 doc/wiki/Authentication.txt (limited to 'doc/wiki/Authentication.txt') diff --git a/doc/wiki/Authentication.txt b/doc/wiki/Authentication.txt new file mode 100644 index 0000000..d72c5d7 --- /dev/null +++ b/doc/wiki/Authentication.txt 
@@ -0,0 +1,37 @@ +Authentication +============== + +Authentication is split into four parts: + + 1. [Authentication.Mechanisms.txt] + 2. [Authentication.PasswordSchemes.txt] + 3. [PasswordDatabase.txt] + 4. [UserDatabase.txt] + +See also [Authentication.Penalty.txt] handling for IP +addresses. See also [Authentication.Policy.txt] +for making policy based decisions. + +Authentication mechanisms vs. password schemes +---------------------------------------------- + +Authentication mechanisms and password schemes are often confused, because they +have somewhat similar values. For example there is a PLAIN auth mechanism and +PLAIN password scheme. But they mean completely different things. + + * *Authentication mechanism is a client/server protocol*. It's about how the + client and server talk to each others in order to perform the + authentication. Most people use only PLAIN authentication, which basically + means that the user and password are sent without any kind of encryption to + the server. SSL/TLS can then be used to provide the encryption to make PLAIN + authentication secure. + * *Password scheme is about how the password is hashed in your password + database*. If you use a PLAIN scheme, your passwords are stored in cleartext + without any hashing in the password database. A popular password scheme + MD5-CRYPT (also commonly used in '/etc/shadow') where passwords looks like + "$1$oDMXOrCA$plmv4yuMdGhL9xekM.q.I/". + * Plaintext authentication mechanisms work with ALL password schemes. + * Non-plaintext authentication mechanisms require either PLAIN password scheme + or a mechanism-specific password scheme. + +(This file was created from the wiki on 2019-06-19 12:42) -- cgit v1.2.3
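Review bot: In the password-scheme bullet of the new doc/wiki/Authentication.txt, the MD5-CRYPT sentence has no main verb and a number mismatch ("A popular password scheme MD5-CRYPT ... where passwords looks like"); suggest "A popular password scheme is MD5-CRYPT (also commonly used in '/etc/shadow'), where passwords look like ...". The same bullet introduces MD5-CRYPT only as "popular", which a reader can take as a recommendation; a pointer to [Authentication.PasswordSchemes.txt] for choosing a scheme would avoid that. In the mechanism bullet, "talk to each others" should be "talk to each other". That bullet also says PLAIN sends the user and password "without any kind of encryption", so "SSL/TLS can then be used" would read more clearly as a statement that PLAIN is only secure when the connection is protected by SSL/TLS. In the intro, "See also [Authentication.Penalty.txt] handling for IP addresses" is hard to parse; consider "See also [Authentication.Penalty.txt] for penalty handling of IP addresses".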