[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] Question regarding authentification

To: leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [leafnode-list] Question regarding authentification
From: Matthias Andree <mandree@xxxxxxxxxxxxxxxxxxxxxxx>
Date: by ns (mbox horst.fischer)(with Cubic Circle's cucipop (v1.31 1998/05/13) Fri Jul 23 14:53:48 1999)

* Cornelius Krasel (krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx) [1999-07-22 00:15]:
> 1) Ignoring authentification based on /etc/shadow

Can give strange effects. 

> 2) Let the nntpd run on UID (or GID) 0

Not a good idea either, opens up even more abuse possibilities,
leafnode is far from bug-free and does not have a special secure
design. 

> 3) Have an own user/password file which is readable by news:news

My idea:

4) go to www.qmail.org and check out the various checkpasswd thingies
that are actually provided for qmail's qmail-pop3d, and see if they
will fit into leafnode somehow. If they do, add a hook and there you
go. I find the man pages of qmail's qmail-popup and qmail-pop3d helpful
in this context. Adding a modularized checkpassword feature is of
course one additional step during installation, but it has big
advantages if someone happens to try to do mySQL or other lookup things. 

-- 
Matthias Andree

 Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list

Follow-Ups:
- Re: [leafnode-list] Question regarding authentification
  - From: Cornelius Krasel

References:
- [leafnode-list] Question regarding authentification
  - From: Cornelius Krasel

Prev by Date: Re: [leafnode-list] fetchnews
Next by Date: Re: [leafnode-list] Question regarding authentification
Previous by thread: [leafnode-list] Question regarding authentification
Next by thread: Re: [leafnode-list] Question regarding authentification
Index(es):
- Date
- Thread