Oliver Schalch <oliver.schalch@???> (Mo 22 Aug 2005 10:25:38 CEST):
> Hi List,
>
> I was wondering why exim uses an own Password File, which meets a normal
> shadow file.
..
> Could /etc/exim/passwd not just get a symlink to /etc/shadow? Or is that
> no good of security
> reasons?
It's no good idea to use system passwords for SMTP auth, since often the
connection is not encrypted.
And normally exim drops its privileges after some initial work, so I'd
assume (not checked), that exim can't access the
'-rw----- root:shadow shadow' file for checking the user password.
Best regards from Dresden
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -