Szerző: Jan Ingvoldstad Dátum: Címzett: Ajit Mhatre CC: exim users Tárgy: Re: [exim] Security in Exim
On Wed, May 6, 2015 at 12:07 PM, Ajit Mhatre <ajitmhatre.9@???> wrote:
>
> i am having a problem in *exim4* ,that is* /etc/exim4/password.client*
> file contain *email id* and *password* . The both email id and password in
> Plain text format. so anyone can acess the password.client file can get my
> password.
> So please help me out how to hide or encrypt that password field in
> *password.clien*t so no one can hack or know my password
This may not be the answer you want. Others have provided info on how to
avoid file permission mistakes, so this is a different take on your
question.
You appear to be using CRAM-MD5 or DIGEST-MD5 authentication, which
requires plaintext passwords to be stored on the server side.
If you're instead willing to use PLAIN and LOGIN authentication, you can
run saslauthd (a piece of Cyrus software), or even an IMAP-based
authentication, where only the hashed passwords are stored on disk or in a
database.
As saslauthd scales to at least a reasonable amount of users, I'll try to
show how that can be used for these authentication types.
To use saslauthd, you need the following Debian packages (as per wheezy,
the version numbers may be different in jessie):
libsasl2-2
libsasl2-modules
sasl2-bin
Here's what the exim config looks like, supporting both the PLAIN and LOGIN
options:
In Debian, /etc/default/saslauthd can e.g. be configured to use the
"shadow" mechanism to check passwords against the local shadow file, but as
you can see from its documentation, you have several options.
--
Jan