著者: Adam Funk 日付: To: exim-users 題目: [exim] Re: More secure authentication with dyndns.com's mailhop
outbound service?
On 2006-04-11, Philip Hazel <ph10@???> wrote: > On Tue, 11 Apr 2006, Tony Finch wrote:
>
>> On Tue, 11 Apr 2006, Adam Funk wrote:
>> >
>> > I would like exim to be able to authenticate to outbound.mailhop.org
>> > without storing the unencrypted password on disk. Is this possible?
>>
>> Where else can it get the password from?
>
> A socket. You can write a daemon that starts up when you boot the
> machine and get it to prompt you (the console) for the password. It can
> keep the password in main memory (though of course this could get
> written to swap disk; you'll have to think about that). Exim can read
> the password using ${readsocket. Alternatively, you could use a named
> pipe.
Ingenious -- this is similar in some ways to ssh-agent, right? Also
sounds like a real challenge, which I *might* *possibly* be able to
get working before dyndns provides an alternative.
I pointed out to them earlier today that I didn't like haven't the
account management password unencrypted on the drive and said I'd
rather be able to set up a different password or userid+password
purely for mail authentication. They responded "Separate passwords
for services like you describe is a feature that we will likely add in
the future. Thanks for the suggestion."