Jürgen Herz writes:
Hello together,

I'm about to install maildrop standalone in an environment with virtual users which I want to manage in an OpenLDAP directory. Since the Debian packages of maildrop (1.5.3) aren't compiled with LDAP support, I downloaded and compiled maildrop (2.0.2) and then discovered I now additionally need courier authlib. Two questions because of this:

1. Configure throws "Cannot find either the gdbm or the db library". I know the FAQ entry about it, but don't see why I need them for authlib when configured with --without-authuserdb. Is this an overchecking configure script or are they really necessary also in this case?
Although courier-authlib itself may not need them, the subsequent packages, such as maildrop, do require one or the other.
2. INSTALL in maildrop says something about the need to either invoke maildrop as root user or make authlib's socket world readable. And then "if the permissions on the socket directory are changed, anyone on the system can connect and obtain any account's password!" Does that mean authlib has direct read access to the password on the directory? I thought it would only authenticate against it, say, provide username and password and receive ok or failed. But as it looks to me authlib would have some privileged access, which in order must be read from some configure file lying around.
courier-authlib will have access to the password except in certain, very narrow situations, such as authpam with a non-pwd based PAM module.
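
The socket-directory warning quoted from INSTALL can be checked on a running system with a short audit script. This is an added example, not part of the original messages or of courier-authlib; the directory path is supplied by the caller because the thread does not name it.

```python
import os
import stat
import sys


def audit_socket_dir(path):
    """Return findings for the directory holding the authentication socket.

    An empty list means no local user outside the owner/group can reach it.
    """
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []

    # Search (x) permission on the directory is what lets a process reach
    # the socket inside it, so "other" search access opens it to everyone.
    reachable = bool(mode & stat.S_IXOTH)
    if reachable:
        findings.append(f"{path}: mode {mode:04o} lets any local user enter")
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: mode {mode:04o} is world-writable")

    if reachable:
        for name in sorted(os.listdir(path)):
            full = os.path.join(path, name)
            entry = os.lstat(full)
            # On Linux, connect() needs write permission on the socket file;
            # some other systems ignore the socket's own mode entirely.
            if stat.S_ISSOCK(entry.st_mode) and entry.st_mode & stat.S_IWOTH:
                findings.append(f"{full}: connectable by any local user")
    return findings


if __name__ == "__main__":
    # Usage: script.py <socket-directory> (path is site-specific, an assumption)
    if len(sys.argv) != 2:
        sys.exit("usage: audit_socket_dir.py <socket-directory>")
    results = audit_socket_dir(sys.argv[1])
    for line in results:
        print(line)
    sys.exit(1 if results else 0)
```
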
