Re: [Exim] Security Considerations (AUTH + shadow)

Pàgina inicial
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
A: Lukasz Grochal
CC: exim-users
Assumpte: Re: [Exim] Security Considerations (AUTH + shadow)
On 12 Oct 2000, Lukasz Grochal wrote:

> Still - this is not the way, I believe. I'd rather use PAM to do the
> authentication.


If I were in this game, which I'm not, I would not use login passwords
for SMTP authentication, especially if I were allowing the use of plain
text AUTH over unencrypted channels. It makes sense to use entirely
different passwords, especially as they are often stored in files (e.g.
on laptops). That way, if the password is compromised, the worst it
permits is mail relaying, because it doesn't give access to a login account.

Of course, you'll have to set up a bit more machinery to manage this,
and you'll have to persuade your users not to set the same password for
both...

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.