Password options
I work for a company that had a mail server operating prior to my starting. It is a Slackware system running qmail-1.03. It is configured with /home/maildir for the users. The rest of the network is NT controlled. Most users are running Eudora Pro for a client. There is limited use of Outlook at the same time. The password request uses the shadow password for authentication. My CTO recently started asking about switching to APOP instead of POP for logins. He started a packet sniffer and pulled the user name and password for the mail transfer. As a result of this he wants a more secure method used. From what I have been finding the only program that works with qmail is checkpw. The drawback I see is that the users password is stored in cleartext in the home directory. Since the CTO does not want either of us to know these due to company policy (currently when a password is changed I activate passwd and have the user enter the new one). Is there a way to use the shadow password, or a program that does not use a cleartext file? I do have a password generator program that can be run to give me an encoded password. I use this to generate a UNIX compatible code to activate the CVS program in the NT environment for development. Thanks in advance, Richard Lyon Network Administrator AbsoluteFuture, Inc. NE 8th Street, Suite 1414 Bellevue, WA 98004
Re: Password options
On Thu, 01 Mar 2001, Richard Lyon wrote: I work for a company that had a mail server operating prior to my starting. It is a Slackware system running qmail-1.03. It is configured with /home/maildir for the users. The rest of the network is NT controlled. Most users are running Eudora Pro for a client. There is limited use of Outlook at the same time. The password request uses the shadow password for authentication. My CTO recently started asking about switching to APOP instead of POP for logins. He started a packet sniffer and pulled the user name and password for the mail transfer. As a result of this he wants a more secure method used. From what I have been finding the only program that works with qmail is checkpw. The drawback I see is that the users password is stored in cleartext in the home directory. Since the CTO does not want either of us to know these due to company policy (currently when a password is changed I activate passwd and have the user enter the new one). Is there a way to use the shadow password, or a program that does not use a cleartext file? I do have a password generator program that can be run to give me an encoded password. I use this to generate a UNIX compatible code to activate the CVS program in the NT environment for development. Thanks in advance, Richard Lyon Network Administrator AbsoluteFuture, Inc. NE 8th Street, Suite 1414 Bellevue, WA 98004 Go to www.qmail.org and search through the document for apop. You should find 2 items, the second of which sounds like what you want. -- *** Matthew H Patterson Unix Systems Administrator National Support Center, LLC Naperville, Illinois, USA ***
Re: Password options
On Thu, Mar 01, 2001 at 12:37:37PM -0800, Richard Lyon wrote: [snip] cleartext file? I do have a password generator program that can be run to give me an encoded password. I use this to generate a UNIX compatible code to activate the CVS program in the NT environment for development. Well, the choice is cleartext over the network, or cleartext on the server. Plain POP3 offers no other choices. What you probably want is pop3 with normal authentication (from shadow), over SSL. www.qmail.org can help you out here. Greetz, Peter.
