[exim] Re: More secure authentication with dyndns.com's mail…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Adam Funk
日付:  
To: exim-users
題目: [exim] Re: More secure authentication with dyndns.com's mailhop outbound service?
On 2006-04-11, Philip Hazel <ph10@???> wrote:
> On Tue, 11 Apr 2006, Tony Finch wrote:
>
>> On Tue, 11 Apr 2006, Adam Funk wrote:
>> >
>> > I would like exim to be able to authenticate to outbound.mailhop.org
>> > without storing the unencrypted password on disk. Is this possible?
>>
>> Where else can it get the password from?
>
> A socket. You can write a daemon that starts up when you boot the
> machine and get it to prompt you (the console) for the password. It can
> keep the password in main memory (though of course this could get
> written to swap disk; you'll have to think about that). Exim can read
> the password using ${readsocket. Alternatively, you could use a named
> pipe.


Ingenious -- this is similar in some ways to ssh-agent, right? Also
sounds like a real challenge, which I *might* *possibly* be able to
get working before dyndns provides an alternative.

I pointed out to them earlier today that I didn't like haven't the
account management password unencrypted on the drive and said I'd
rather be able to set up a different password or userid+password
purely for mail authentication. They responded "Separate passwords
for services like you describe is a feature that we will likely add in
the future. Thanks for the suggestion."