ok thx :)
Btw. i've installed it and it runs fine, but only now do i find out that i am supposed
to supply the
commandline with a chackpassword program (the path to it).
I haven't done this, and yet it works fine.... any clue how/why? :)
/Martin
Kris Kelley wrote:
>
> Martin Jespersen wrote:
> > Does anyone know of any reason not to install this patch if the
> functionallity is kind-of-needed?
> >
> > the reason i ask is that it is listed so far down on the site that i
> thought it might not be seen
> > as a 'good' patch...
>
> Assuming by "the site" you mean qmail.org, I doubt its position on the page
> reflects any opinion about its quality.
>
> I use the mouse's patch, and so far it has delivered what it promised, with
> no side effects. Note however that there are a couple of caveats. DJB's
> checkpassword program is necessary for this patch to work, and the
> checkpassword executable may require a bit of tweaking for everything to
> execute correctly. This modification, as Mrs. Brisby has been quick to
> point out, may leave your system password file vulnerable to attack if
> you're not careful; see http://www.nimh.org/code.shtml for details. Also,
> the authentication scheme used, "AUTH=LOGIN", is not really secure, barely a
> step above sending passwords in the clear. If you're the paranoid type who
> worries about sniffers on your network, this won't be very ideal for you.
>
> Krzysztof Dabrowski has written a more robust SMTP AUTH patch based on Mrs.
> Brisby's work. In addition to LOGIN, it offers PLAIN and CRAM-MD5
> authentication techniques, the latter being more suited to those worried
> about protecting their passwords. Check out
> http://members.elysium.pl/brush/qmail-smtpd-auth/ for more information.
>
> > *feels a little stupid for asking this*
>
> *feels high and mighty for being able to answer this*
>
> I'm kidding. :)
>
> ---Kris Kelley
