-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 29 May 00, at 15:49, Krzysztof Dabrowski wrote:

> so we finally need a good, versatile solution for it. Because a lot
> of users have problems with it and not everyone wants to go ahead and
> patch his way through qmail-smtpd.

I'm not completely sure what the authenticated SMTP conversation 
looks like. You have two possible approaches:

1. qmail-popup like. You start the SMTP conversation as root, grab a 
username/password, verify it, drop root and go on. (That's what 
qmail-popup -> checkpassword -> qmail-pop3d sequence 
accomplishes.)

2. pam_pwdb like. You patch qmail-smtpd to fork()/exec() an 
external program to check the password. That program is suid and 
is executable only for root and the group of the qmaild user (nofiles - doh! 
create a special group for qmaild user, and don't put anyone else in 
it). The program also has the correct logging of failed attempts and 
correct timeouts.


[I am leaving aside other approaches like having an extra database 
for smtp-auth passwords, and not touching /etc/shadow. It's not a 
bad idea either, though. That database now can be limited to 
the qmaild user - and there you go!]

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOTJpTVMwP8g7qbw/EQI2gwCfb+ZiquKkl8MpH6KuQSBu2HSfNFYAnj/p
izVg5r5r5qNJ55rhs9LLZnvd
=+5ek
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]
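
Approach 2 seen from the unprivileged daemon's side, as an added example that is not part of the original message and is not qmail code: fork()/exec() the helper, hand it the credentials on a pipe, and fail closed on anything but a clean accept or reject. The fd 3 hand-off and the exit codes are assumptions borrowed from the checkpassword convention the message mentions; `check_password_helper` and the `/bin/sh` stand-in helper are hypothetical.

```c
/* Added example: caller side of approach 2. Assumed protocol: the helper reads
 * "user\0pass\0" from fd 3 and exits 0 = accept, 1 = reject, other = error. */
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 = accepted, 0 = rejected, -1 = error (caller must fail closed). */
int check_password_helper(char *const helper_argv[],
                          const char *user, const char *pass)
{
    int p[2], status;
    size_t ulen = strlen(user) + 1, plen = strlen(pass) + 1; /* keep the NULs */
    if (ulen + plen > 512 || pipe(p) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(p[0]); close(p[1]);
        return -1;
    }
    if (pid == 0) {                      /* child: becomes the helper */
        close(p[1]);
        if (p[0] != 3) {                 /* credentials arrive on fd 3 */
            if (dup2(p[0], 3) == -1) _exit(111);
            close(p[0]);
        }
        execv(helper_argv[0], helper_argv);
        _exit(111);                      /* exec failed: report an error */
    }
    close(p[0]);   /* parent: password goes down the pipe, never argv/env */
    void (*old)(int) = signal(SIGPIPE, SIG_IGN); /* helper may exit early */
    int sent = write(p[1], user, ulen) == (ssize_t)ulen
            && write(p[1], pass, plen) == (ssize_t)plen;
    close(p[1]);
    signal(SIGPIPE, old);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 0)
        return sent ? 1 : -1;            /* never accept on a short write */
    return WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void)
{
    /* Constructed stand-in for the real helper: accepts alice/s3cret only. */
    char *const h[] = {"/bin/sh", "-c",
        "test \"$(tr '\\000' : <&3)\" = 'alice:s3cret:'", NULL};
    return check_password_helper(h, "alice", "s3cret") == 1 ? 0 : 1;
}
```

The helper itself would carry the setuid bit, the restricted group permission, the failure logging and the timeouts the message describes; the caller only needs execute permission on it.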
