Re: [Exim] Security Considerations (AUTH + shadow)

Pàgina inicial
Delete this message
Reply to this message
Autor: Frank Elsner
Data:  
A: David Harrigan
CC: exim-users
Assumpte: Re: [Exim] Security Considerations (AUTH + shadow)
On Thu, 12 Oct 2000 14:40:16 BST "David Harrigan" wrote:
> After some time, I've managed to get AUTH working for
> plaintext (no need for MD5 at the mo). However, in order
> to do so I've had to +r my /etc/shadow config. This is because

                       ^^^^^^^^^^^^^^^^^
Really bad idea. Why use shadow passwords anymore ?


> exim runs as UID/GUID 8 (mail). Is there anyway I can make
> this more secure? How about I add mail to the shadow group
> (which has default r access to the shadow file) Would that help
> or make no difference?
>
> Any advice would be appreciated...


I ran into the same problem and solved it this way:

root runs a cronjob every hour (your milage may vary) which reformats
/etc/shadow into a file suitable for exim and then calls exim_dbmbuild.

Works fine for me.


Regards        _______________________________________________________________ 
Frank Elsner  /                           c/o  Technische Universitaet Berlin |
 ____________/                                 ZRZ, Sekr. E-N 50              |

|                                              Einsteinufer 17                |

|Voice: +49 30 314 23897                       D-10587 Berlin                 |
|SMTP : Elsner@???                Germany       _________________|
|____________________________________________________________| Ich habe fertig