martin f krafft <[EMAIL PROTECTED]> writes:

> also sprach Derrick 'dman' Hudson <[EMAIL PROTECTED]> [2003.01.27.1949 +0100]:
>> 1) the pam config file can be found
>> 2) the pam module referenced can be found
>> 3) any other resources the pam module needs can be found
>
> which is a lot, and i am not willing to maintain a chroot with all
> these features.

There was a time when Wietse spoke about adding an auth service to postfix so that all the auth stuff could be ripped out of smtpd. I don't know what happened to that, for all I know it got into postfix 2.0...

The idea was to leave smtpd in the jail even when the auth stuff required elevated privs. authd (or whatever it would be called) would run with whatever privs were necessary to do the authentication. smtpd and authd would communicate like any other postfix daemon (unix domain sockets normally).

If you look at the postfix source, you can see that Wietse is not too happy about linking SASL with smtpd. Of course, he is pretty paranoid about security... much more than most would ever be. The SASL_README file starts out with:

<quote>
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
===============================================================

This code is not blessed by Wietse.

To use SASL support on Debian GNU/Linux, you must install the postfix-tls package.

People who go to the trouble of installing Postfix may have the expectation that Postfix is more secure than some other mailers. With SASL authentication enabled in the Postfix SMTP client and SMTP server, Postfix becomes no more secure than other mail systems that use the Cyrus SASL library.

The Cyrus SASL library has too little documentation about how the software is supposed to work; and it is too much code to be used in a security-sensitive program such as an SMTP client or server.
</quote>

-- 
-rupa
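The smtpd/authd split described in the message above, sketched as an added example (not part of the original post and not Postfix code): a forked process stands in for authd and answers over a Unix domain socket, so the smtpd side only ever receives a verdict. The line format, the function names and the credential store are assumptions made for this sketch, and no chroot or privilege change is actually performed.

```python
import hashlib, hmac, os, socket

MAX_LINE = 1024
SALT = b"constructed-salt"               # constructed sample data

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

# Constructed credential store; only the authd process consults it.
USERS = {"alice": _hash("correct horse")}

def authd_loop(conn: socket.socket) -> None:
    """authd side: read 'AUTH <hex user> <hex password>' lines, answer OK/FAIL."""
    rfile = conn.makefile("rb")
    for line in iter(lambda: rfile.readline(MAX_LINE), b""):
        if not line.endswith(b"\n"):     # oversized or truncated request
            conn.sendall(b"FAIL\n")
            break                        # fail closed and drop the client
        try:
            verb, user_hex, pw_hex = line.split()
            user = bytes.fromhex(user_hex.decode()).decode()
            given = _hash(bytes.fromhex(pw_hex.decode()).decode())
            ok = verb == b"AUTH" and user in USERS and hmac.compare_digest(USERS[user], given)
        except ValueError:               # wrong field count, bad hex, bad UTF-8
            ok = False
        conn.sendall(b"OK\n" if ok else b"FAIL\n")

def spawn_authd():
    """Fork the authd stand-in; return (socket, pid) for the smtpd side."""
    smtpd_end, authd_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:                         # child: would keep the privileges auth needs
        smtpd_end.close()
        try:
            authd_loop(authd_end)
        finally:
            os._exit(0)
    authd_end.close()                    # parent: would be the jailed smtpd
    return smtpd_end, pid

def ask_authd(sock: socket.socket, user: str, password: str) -> bool:
    """smtpd side: hand the credentials over, get back only a verdict."""
    fields = (user.encode().hex().encode(), password.encode().hex().encode())
    sock.sendall(b"AUTH %b %b\n" % fields)
    return sock.makefile("rb").readline(8) == b"OK\n"

def stop_authd(sock: socket.socket, pid: int) -> int:
    sock.close()                         # EOF ends authd_loop
    return os.waitpid(pid, 0)[1]         # 0 on clean shutdown
```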

