*DOH!*
Just found out that what it does is: it doesn't check passwords an thus authenticate
all *YIKES*
Sorry for being such a newbie...
/Martin
Martin Jespersen wrote:
>
> ok thx :)
>
> Btw. i've installed it and it runs fine, but only now do i find out that i am
>supposed to supply the
> commandline with a chackpassword program (the path to it).
>
> I haven't done this, and yet it works fine.... any clue how/why? :)
>
> /Martin
>
> Kris Kelley wrote:
> >
> > Martin Jespersen wrote:
> > > Does anyone know of any reason not to install this patch if the
> > functionallity is kind-of-needed?
> > >
> > > the reason i ask is that it is listed so far down on the site that i
> > thought it might not be seen
> > > as a 'good' patch...
> >
> > Assuming by "the site" you mean qmail.org, I doubt its position on the page
> > reflects any opinion about its quality.
> >
> > I use the mouse's patch, and so far it has delivered what it promised, with
> > no side effects. Note however that there are a couple of caveats. DJB's
> > checkpassword program is necessary for this patch to work, and the
> > checkpassword executable may require a bit of tweaking for everything to
> > execute correctly. This modification, as Mrs. Brisby has been quick to
> > point out, may leave your system password file vulnerable to attack if
> > you're not careful; see http://www.nimh.org/code.shtml for details. Also,
> > the authentication scheme used, "AUTH=LOGIN", is not really secure, barely a
> > step above sending passwords in the clear. If you're the paranoid type who
> > worries about sniffers on your network, this won't be very ideal for you.
> >
> > Krzysztof Dabrowski has written a more robust SMTP AUTH patch based on Mrs.
> > Brisby's work. In addition to LOGIN, it offers PLAIN and CRAM-MD5
> > authentication techniques, the latter being more suited to those worried
> > about protecting their passwords. Check out
> > http://members.elysium.pl/brush/qmail-smtpd-auth/ for more information.
> >
> > > *feels a little stupid for asking this*
> >
> > *feels high and mighty for being able to answer this*
> >
> > I'm kidding. :)
> >
> > ---Kris Kelley
