[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Follow up question...
|
From: |
Jeff Bailey |
|
Subject: |
Re: Follow up question... |
|
Date: |
Thu, 4 Apr 2002 16:39:19 -0800 |
|
User-agent: |
Mutt/1.2.5i |
On Thu, Apr 04, 2002 at 07:21:49PM -0500, xystrus wrote:
> > If pop3d and imap4d wind up installed SUID, should we somehow
> > dissallow --pam-service=STRING when not being run by root? That
> > could be an interesting security hole.
> Why do you need this facility at all?
Depending on which IP address I listen on, I may or may not accept
unencrypted passwords. I also use stunnel as an SSL wrapper, where I
will allow unencrypted passwords.
On one particular system, I'm looking at three different PAM
configurations.
--
"Frankly, trying to turn Windows into a decent educational software
development platform is about as fun as jumping naked into a pit of
rabid wolves."
- As seen on slashdot