Changes between Version 7 and Version 8 of Authentication

Timestamp:

11/07/13 05:09:32 (7 years ago)

Author:

Antoine Martin

Comment:

--

Authentication

@@ -20 +20 @@
 * [/browser/xpra/trunk/src/xpra/server/auth/allow_auth.py allow]: always allows the user to login - dangerous / only for testing
 * [/browser/xpra/trunk/src/xpra/server/auth/fail_auth.py fail]: always fails authentication - useful for testing
-* [/browser/xpra/trunk/src/xpra/server/auth/file_auth.py file]: looks up usernames and password in the password file (more on that below)
+* [/browser/xpra/trunk/src/xpra/server/auth/file_auth.py file]: looks up usernames and password in the password file (see [/wiki/Authentication#PasswordFile below])
 * [/browser/xpra/trunk/src/xpra/server/auth/pam.py pam]: linux PAM authentication
 * [/browser/xpra/trunk/src/xpra/server/auth/win32_auth.py win32]: win32security authentication
@@ -38 +38 @@
 
 * the password is never sent in plain text over the wire, the authentication modes that require the password to be sent to the server unhashed ({{{sys}}}: {{{pam}}} and {{{win32}}}) will refuse to run without [/wiki/Encryption Encryption]
-* when used over TCP sockets, password authentication is vulnerable to man-in-the-middle attacks where an attacker could intercept the initial exchange and use the stolen authentication challenge to access the session, [/wiki/Encryption Encryption] prevents that
+* when used over TCP sockets, password authentication is vulnerable to man-in-the-middle attacks where an attacker could intercept the initial exchange and use the stolen authentication challenge response to access the session, [/wiki/Encryption Encryption] prevents that
 * the client does not verify the authenticity of the server, [/wiki/Encryption Encryption] does
 }}}