Re: FAQ: What is saslauthd?

2001-09-11 Thread Walter Wong
The point is that you can come up with an infinite number of vulnerabilities as a result of misconfiguration. The second point is that you cannot assert saslauthd/pwcheck creates denial of service attacks or is insecure without considering the services that use it. Walter

Re: FAQ: What is saslauthd?

2001-09-11 Thread Jeremy Howard
Lawrence Greenfield wrote: >From: Christopher Wong <[EMAIL PROTECTED]> >Date: Tue, 11 Sep 2001 17:56:08 -0400 > >[...] >Thanks. Does it slow down retries in the case of unsuccessful attempts? >Otherwise, it would be as vulnerable to password guessing as pwcheck >is. That we

Re: FAQ: What is saslauthd?

2001-09-11 Thread Lawrence Greenfield
From: Christopher Wong <[EMAIL PROTECTED]> Date: Tue, 11 Sep 2001 17:56:08 -0400 [...] Thanks. Does it slow down retries in the case of unsuccessful attempts? Otherwise, it would be as vulnerable to password guessing as pwcheck is. That weakness of pwcheck makes it practically

Re: FAQ: What is saslauthd?

2001-09-11 Thread Amos Gouaux
> On Tue, 11 Sep 2001 17:56:08 -0400, > Christopher Wong <[EMAIL PROTECTED]> (cw) writes: cw> Thanks. Does it slow down retries in the case of unsuccessful attempts? What about other SASL methods? Do they slow down and/or lock out repeated guessing attacks? Don't know. I imagine addi

Re: Hooking a custom handler to replace Sieve?

2001-09-11 Thread Jeremy Howard
Steven J. Sobol wrote: > On Mon, 10 Sep 2001, Amos Gouaux wrote: > > > My thoughts are less ambitious. What I'd like is for the MTA to do > > the spam/whatever filtering <...snip> > > This would be a function of the MTA, wouldn't it? Not the MUA or the > POP/IMAP Server... > Err... I think that's

Re: FAQ: What is saslauthd?

2001-09-11 Thread Christopher Wong
On Monday 10 September 2001 18:26, Christopher Audley wrote: > saslauthd is an evolution of pwcheck available with the 1.5.27 and > 2.0.x versions of the sasl library (available from CVS). Saslauthd > basically takes the core of pwcheck and adds forking so that each > request is handled by a diff

Re: Hooking a custom handler to replace Sieve?

2001-09-11 Thread Steven J. Sobol
On Mon, 10 Sep 2001, Amos Gouaux wrote: > My thoughts are less ambitious. What I'd like is for the MTA to do > the spam/whatever filtering, and if the message was considered to be > spam, the MTA would just add a header to the message. If the user > wanted to, have some formula Sieve script tha

Re: Auth with PAM to /etc/shadow problem

2001-09-11 Thread Jerry Mears
Try using: sasl_passwd_check: pam (in lowercase) in your imapd.conf. You may also want to try: sasl_passwd_check: shadow to make sure your passwd shadow authentication is working. Also make sure when you check authentication against the shadow file, the cyrus user needs to have rights to view the