'Re: tmda-ofmipd security (was Re: seteuid())'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tmda-workers
Subject:    Re: tmda-ofmipd security (was Re: seteuid())
From:       "Jason R. Mastaler" <jason-exp-1025041945.c54d6c () mastaler ! com>
Date:       2002-06-17 22:04:25
[Download RAW message or body]

Marcus Williams <marcus@quintic.co.uk> writes:

> I was thinking you could somehow generate a crypt key from the SMTP
> auth details (username/password?). Dont know much about SMTP auth so
> I#m not sure if this is possible.

I think this would be possible, as tmda-ofmipd could internally
construct a CRYPT_KEY to use from the username/password.

> If you could generate it consistently from the auth information you
> wouldnt need it in the config files

True, but if the auth information changes (such as a new password),
the CRYPT_KEY will change, and that will cause enormous problems for
the user (e.g, all tagged addresses in circulation will be instantly
invalidated).  That seems kind of fragile.
______________________________________________________
tmda-workers mailing list (tmda-workers@libertine.org)
http://libertine.org/lists/listinfo/tmda-workers

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic