Martin Jespersen wrote:
> Does anyone know of any reason not to install this patch if the
functionallity is kind-of-needed?
>
> the reason i ask is that it is listed so far down on the site that i
thought it might not be seen
> as a 'good' patch...
Assuming by "the site" you mean qmail.org, I doubt its position on the page
reflects any opinion about its quality.
I use the mouse's patch, and so far it has delivered what it promised, with
no side effects. Note however that there are a couple of caveats. DJB's
checkpassword program is necessary for this patch to work, and the
checkpassword executable may require a bit of tweaking for everything to
execute correctly. This modification, as Mrs. Brisby has been quick to
point out, may leave your system password file vulnerable to attack if
you're not careful; see http://www.nimh.org/code.shtml for details. Also,
the authentication scheme used, "AUTH=LOGIN", is not really secure, barely a
step above sending passwords in the clear. If you're the paranoid type who
worries about sniffers on your network, this won't be very ideal for you.
Krzysztof Dabrowski has written a more robust SMTP AUTH patch based on Mrs.
Brisby's work. In addition to LOGIN, it offers PLAIN and CRAM-MD5
authentication techniques, the latter being more suited to those worried
about protecting their passwords. Check out
http://members.elysium.pl/brush/qmail-smtpd-auth/ for more information.
> *feels a little stupid for asking this*
*feels high and mighty for being able to answer this*
I'm kidding. :)
---Kris Kelley
