Date: Fri, 21 Sep 2001 08:15:12 +0300 (EEST) From: Maxim Sobolev <sobomax@FreeBSD.org> To: dan@langille.org, ports@FreeBSD.org Cc: lioux@FreeBSD.org, kris@FreeBSD.org Subject: Re: qpopper and /etc/ftpusers Message-ID: <200109210515.IAA76507@ipcard.iptcom.net> In-Reply-To: <3BA9FBF4.13773.89DF47D@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 20 Sep 2001 14:23:48 -0400, Dan Langille wrote:
> I don't see how POP is connected to ftp users?
/me too
> This from mail/qpopper/Makefile:
> =
> CONFIGURE_ARGS=3D --enable-apop=3D${PREFIX}/etc/qpopper/pop.auth \
> --enable-nonauth-file=3D/etc/ftpusers \
> --with-apopuid=3Dpop --without-gdbm \
> --enable-keep-temp-drop
> =
> Does it make sense to do things that way? If an auth file is to be used =
at all, why not use one =
> with an appropriate name (e.g. /etc/popusers).
Yes, it is why since some 1999 I have a qpopper/Makefile.local that
overrides CONFIGURE_ARGS with --enable-auth-file=3D/etc/pop3users. :)
> The current setup breaks POLA.
No, the current setup astually preserves the POLA (it had been that
way since the beginning of time) - check cvs log for mail/qpopper/Makefile.
However, it might be a good idea to actually bite the bullet and break that
stupid POLA.
I would suggest to replace `--enable-nonauth-file=3D/etc/ftpusers' with
something like `--enable-auth-file=3D/etc/pop3users'. Among other things,
it would ensure that the default setup is the most secure.
-Maxim
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109210515.IAA76507>