-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tracy R Reed wrote:
[r.e. 0 sendmail delay = 3 milli-light sec radius] It also illustrates the important principle that users careful descriptions of problems, however goofy they may sound to you, should not be dismissed. I tried to change an email password for an account at UCSD this week, but found that email for that account could still be accessed using the old password via pop/ssl (though not by webmail or plaintext) after making the change on the secure form that updates the kerberos database. I got the typical response from ACS support. After being told that what I was describing was impossible, and to change it again ... and again, they said they would do it for me. The kid at the help desk gave me an "old idiot can't change his password" smile, entered the new password on the same damn web form, and announced that my problem was "all fixed now" (there, there). It wasn't, of course. I emailed Brian Kantor, who initially agreed with me that it could be a problem with the old APOP password (same as old network password) not being updated. He removed this, but the old password continued to work via pop/ssl, with or without APOP authentication being set. After about 2 days of fiddling, Brian discovered the password database for the secure server was not being correctly updated, and fixed the problem (IMHO, a security flaw for a "secure" email server.) David Looney - -- When you have eliminated the impossible, whatever remains, however improbable, must be the truth. - Sir Arthur Conan Doyle -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEN+vCZnDUcKSydkURAtfXAKChAyWxgeZRQQWdGD2l9B3U0dmBcwCfQlt3 H7sgWBTGRq8dgvU4g9Pm5cM= =ERHP -----END PGP SIGNATURE----- -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
