[prev in list] [next in list] [prev in thread] [next in thread]
List: tmda-workers
Subject: Re: tmda-ofmipd security (was Re: seteuid())
From: "Jason R. Mastaler" <jason-exp-1025041945.c54d6c () mastaler ! com>
Date: 2002-06-17 22:04:25
[Download RAW message or body]
Marcus Williams <marcus@quintic.co.uk> writes:
> I was thinking you could somehow generate a crypt key from the SMTP
> auth details (username/password?). Dont know much about SMTP auth so
> I#m not sure if this is possible.
I think this would be possible, as tmda-ofmipd could internally
construct a CRYPT_KEY to use from the username/password.
> If you could generate it consistently from the auth information you
> wouldnt need it in the config files
True, but if the auth information changes (such as a new password),
the CRYPT_KEY will change, and that will cause enormous problems for
the user (e.g, all tagged addresses in circulation will be instantly
invalidated). That seems kind of fragile.
______________________________________________________
tmda-workers mailing list (tmda-workers@libertine.org)
http://libertine.org/lists/listinfo/tmda-workers
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic