[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] Question regarding authentification

* Cornelius Krasel (krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx) [1999-07-22 00:15]:
> 1) Ignoring authentification based on /etc/shadow

Can give strange effects. 

> 2) Let the nntpd run on UID (or GID) 0

Not a good idea either, opens up even more abuse possibilities,
leafnode is far from bug-free and does not have a special secure

> 3) Have an own user/password file which is readable by news:news

My idea:

4) go to www.qmail.org and check out the various checkpasswd thingies
that are actually provided for qmail's qmail-pop3d, and see if they
will fit into leafnode somehow. If they do, add a hook and there you
go. I find the man pages of qmail's qmail-popup and qmail-pop3d helpful
in this context. Adding a modularized checkpassword feature is of
course one additional step during installation, but it has big
advantages if someone happens to try to do mySQL or other lookup things. 

Matthias Andree

 Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list