On Thu, Oct 04, 2001 at 04:35:48PM +0000, Cecilia Cabrera wrote:
> Hi, I've been to modify a Qpopper that isn't using encryption for
> its passwords so that it does. Since it is already running with at least
> 300 users and from what I've read, I believe the easiest thing to do would
> be to run a ./configure --enable-specialauth so it uses /etc/shadows
> encrypted passwords (although this would leave them without mail for a
> while - as long as it takes me to figure things out! :) ).
>
> Is this right? Is there a simpler way?

Are you attempting to have it use encrypted passwords "on the disk", in terms of how the password's stored on the server, or "on the wire", for network communications with the users?

Shadow password files have to do with the former, how securely the data is stored on the disk. If your qpopper is working with the users' normal login passwords now, and if your system has a shadow password file, then qpopper is already using the shadow password file and you don't need to reconfigure it for that.

If you're wanting it to use encrypted communication "on the wire", for the network connections, then that's a totally different question. Again, it won't involve whether you're using a shadow password file, and it won't work by having the users log in with the encrypted text you find inside the password file.

You need to consider several possibilities, which will depend on what your users' mail programs support. If you only have a few hundred users, you may have an easier time limiting what programs you use. Two major alternatives are:

APOP - the session is in the clear (unencrypted), but the user's mail program follows an alternative authentication protocol which does not get the password from the user in "cleartext". This uses a separate password database.

SSL - the entire session between the user's mail program and qpopper is encrypted using the same protocol used for secure web server connections; *inside* this encrypted channel, the username and password change take place just as usual. TLS is a variation on SSL where the two ends of the protocol (qpopper and the mail client) can automatically detect whether they can both use encryption, or make a clear connection if they can't.

> Is there a document that explains things further that you can recommend?

Do read the whole .PDF file included with popper. It has a lot of useful information there.

This is probably the limit of what I can help you with; I know how this works in theory, but have not set up either of those in practice.

  -- Clifton

--
Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED]
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
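
Added example, not part of the original message and not Qpopper code: a sketch of the APOP exchange described above, following RFC 1939, showing why the server needs a separate database holding the shared secret itself and cannot verify a login from the hash kept in a shadow password file. The user table, the function names and the shadow-style string are constructed for illustration; the banner and secret are the sample values from RFC 1939.

```python
import hashlib
import hmac

# Banner timestamp the server sends in its greeting (sample value from RFC 1939).
BANNER = "<1896.697170952@dbc.mtview.ca.us>"

# Hypothetical APOP database: the server must keep the secret in recoverable form.
APOP_SECRETS = {"mrose": "tanstaaf"}

# Constructed shadow-style field; the server cannot get the secret back from it.
SHADOW_FIELD = "$1$constructed$NotARealHashJustASample"


def apop_digest(banner: str, secret: str) -> str:
    """Client side: hex MD5 over the banner timestamp followed by the secret."""
    return hashlib.md5((banner + secret).encode("utf-8")).hexdigest()


def server_verify(banner: str, user: str, digest: str) -> bool:
    """Server side: recompute the digest from the stored secret and compare."""
    secret = APOP_SECRETS.get(user)
    if secret is None:
        return False
    expected = apop_digest(banner, secret)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected.encode(), digest.lower().encode())


def verify_with_shadow_only(banner: str, digest: str, shadow_field: str) -> bool:
    """What a server holding only the shadow hash could compute: never matches."""
    return hmac.compare_digest(apop_digest(banner, shadow_field).encode(),
                               digest.lower().encode())


if __name__ == "__main__":
    sent = apop_digest(BANNER, "tanstaaf")       # what goes over the wire
    print("C: APOP mrose", sent)
    print("accepted:", server_verify(BANNER, "mrose", sent))
    # A captured digest is useless against the next connection's banner.
    print("replayed:", server_verify("<1897.697170999@dbc.mtview.ca.us>", "mrose", sent))
    print("shadow-only:", verify_with_shadow_only(BANNER, sent, SHADOW_FIELD))
```

Only the authentication step is protected here: the mail itself still crosses the network unencrypted, which is the difference from the SSL/TLS option.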