[Exim] Security Considerations (AUTH + shadow)

Top Page
Delete this message
Reply to this message
Author: David Harrigan
Date:  
To: exim-users
Subject: [Exim] Security Considerations (AUTH + shadow)
Hiya,

After some time, I've managed to get AUTH working for
plaintext (no need for MD5 at the mo). However, in order
to do so I've had to +r my /etc/shadow config. This is because
exim runs as UID/GUID 8 (mail). Is there anyway I can make
this more secure? How about I add mail to the shadow group
(which has default r access to the shadow file) Would that help
or make no difference?

Any advice would be appreciated...

David Harrigan
KMP Internet
Regent House, Heaton Lane
Stockport, Cheshire. SK4 1BS
Phone: +44 (0) 161 429 6590 Fax: +44 (0) 161 476 0370
http://www.kmpinternet.com

PGP Key and ID: http://patience.mcc.ac.uk