Ronny,
The problem w/ setting up a permanent password to file is it leaves you less
flexibility to change it on the fly.
As part of a good security policy, passwords should be changed periodically.
Unless you want to keep updating
some other files when you do this, you are better off keeping your
authentication database on a single location, be that /etc/passwd, LDAP or
whatever.
As far as fetchmail is concerned, it's proven itself to be a very nifty
tool. But that's what it is, just a tool. You already have all the tools
you need to implement ETRN. I suggested to RTFM your on your MTA since am
not sure what you're using. There are ways to do this w/ sendmail, postfix,
qmail, exim, even OpenMail. Use the services already running before adding
another layer of complexity. This prevents a LOT of headaches in the future
=)
As far as security is concerned, yes you are the only guy w/ access to the
server NOW. But what if your services grow beyond the capacity of one
person to administer? A security policy should be set up to anticipate
growth beyond a single administrator configuration.
-makatao
----- Original Message -----
From: "Ronneil Camara" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 31, 2000 11:07 PM
Subject: RE: [plug] Suggestions Needed
> > -----Original Message-----
> > From: Pro-People [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 31, 2000 8:19 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [plug] Suggestions Needed
> >
> >
> > Ronneil,
> >
> > wouldn't this setup require that you provide your passwords
> > on a script when
> > downloading from your ISP? what about those of your internal users?
>
> Yeah, yun lang ang problema ng fetchmail when putting it on a
.fetchmailrc,
> kitang kita ang password sa file. Anyways, ikaw lang naman ang meron
access
> sa Linux machine. So be sure to secure your linux, disable telnet then
setup
> ssh and don't TRUST anyone. Your users might act like benign, pero yun
pala,
> meron nang ibang ginagawa.
>
> Baka meron ibang PLUGger na fetchmail hacker dito, maybe they can suggest.
> :-)
>
> >
> > wouldn't it be better if you have your own domain name, have
> > your ISP be
> > your secondary MX so that mail will be queued in their SMTP
> > server while
> > your connection is down. Then when you connect, just do SMTP
> > ETRN (RTFM on
> > how to do this w/ your smtp server). This way, you could
> > actually give your
> > users their own username@domain without compromising passwords.
>
> Are you asking me or instructing me? :-)
> That is a totally nice idea!!! I know you can do it. Just RTFM ;p
>
> Good luck
> --
> .-------------------------------------------------------.
> o^o | Ronneil Camara | [EMAIL PROTECTED] |
> /V\ |--------------------| +632 6354086 +63917 5326993 |
> // \\ | "The only way to `----------------------------------|
> /( )\ | stop a hacker is to think like one." |
> ^^-^^ | ...brilliant misguided youth |
> `-------------------------------------------------------'
>
> _
> Philippine Linux Users Group. Web site and archives at
http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
