Re: [exim] smtp auth

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] smtp auth
Oliver Schalch <oliver.schalch@???> (Mo 22 Aug 2005 10:25:38 CEST):
> Hi List,
>
> I was wondering why exim uses an own Password File, which meets a normal
> shadow file.

..
> Could /etc/exim/passwd not just get a symlink to /etc/shadow? Or is that
> no good of security
> reasons?


It's no good idea to use system passwords for SMTP auth, since often the
connection is not encrypted.

And normally exim drops its privileges after some initial work, so I'd
assume (not checked), that exim can't access the
'-rw----- root:shadow shadow' file for checking the user password.



    Best regards from Dresden
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -