Re: [exim] plaintext server_condition

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Gall Anonim
Date:  
À: exim-users
Sujet: Re: [exim] plaintext server_condition
Thank Your for replay.
> Try a plaintext match and if that fails try a crypt match?

Is it possible to write such condition to make it in one authenticator plain: ?
I am trying to find it exim manual but w/o success.

> Horribly
> insecure (it makes crypted passwords equivalent to plaintext passwords
> because you can type in your crypted password to authenticate yourself)
> but it will allow you to migrate to all-crypted, at which point you can
> turn off the plaintext matching. If you're using a modern crypt() you can
> improve the security by checking the format of the stored password and
> not allowing plaintext matches for passowrds that appear to be crypted.
>
> Tony.


I cant change the mechanism of storing password for some users, due to
customer policy. Good thing is that those users are few only.

Best Regards
Gall

----------------------------------------------------
"Wimbledon" przyjemny i przepisowy film o sporcie. Już na DVD.
http://klik.wp.pl/?adr=http%3A%2F%2Ffilm.wp.pl%2Fp%2Ffilm.html%3Fid%3D24446&sid=394