[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [leafnode-list] Question regarding authentification
* Cornelius Krasel (krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx) [1999-07-22 00:15]:
> 1) Ignoring authentification based on /etc/shadow
Can give strange effects.
> 2) Let the nntpd run on UID (or GID) 0
Not a good idea either, opens up even more abuse possibilities,
leafnode is far from bug-free and does not have a special secure
design.
> 3) Have an own user/password file which is readable by news:news
My idea:
4) go to www.qmail.org and check out the various checkpasswd thingies
that are actually provided for qmail's qmail-pop3d, and see if they
will fit into leafnode somehow. If they do, add a hook and there you
go. I find the man pages of qmail's qmail-popup and qmail-pop3d helpful
in this context. Adding a modularized checkpassword feature is of
course one additional step during installation, but it has big
advantages if someone happens to try to do mySQL or other lookup things.
--
Matthias Andree
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
--
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list