Re: [exim] Security in Exim

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marc Haber
Date:  
À: exim-users
Sujet: Re: [exim] Security in Exim
On Thu, 7 May 2015 13:57:30 +0200, Jan Ingvoldstad
<frettled@???> wrote:
>On Wed, May 6, 2015 at 12:07 PM, Ajit Mhatre <ajitmhatre.9@???> wrote:
>> i am having a problem in *exim4* ,that is* /etc/exim4/password.client*
>> file contain *email id* and *password* . The both email id and password in
>> Plain text format. so anyone can acess the password.client file can get my
>> password.
>> So please help me out how to hide or encrypt that password field in
>> *password.clien*t so no one can hack or know my password
>
>
>This may not be the answer you want. Others have provided info on how to
>avoid file permission mistakes, so this is a different take on your
>question.
>
>You appear to be using CRAM-MD5 or DIGEST-MD5 authentication, which
>requires plaintext passwords to be stored on the server side.
>
>If you're instead willing to use PLAIN and LOGIN authentication, you can
>run saslauthd (a piece of Cyrus software), or even an IMAP-based
>authentication, where only the hashed passwords are stored on disk or in a
>database.


This applies to exim as server. He is using exim as a client, which
_needs_ the plain-text password on the client side.

See the reference to /etc/exim4/password.client (misspelled, it's
passwd.client).

Greetings
Marc
-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834