Chancellor of the Republic
justin at soze.net
Fri Mar 15 11:10:55 PST 2002
commence quote 2002-03-15 16:03 +0000 (authenticity not guaranteed)
by Rick Moen
> ...your shell users
> insist on using POP3 across the open Internet, insist on using MUAs that
> don't do APOP, and are unwilling to mess with SSL wrapping.Solution?
> (chroot passwd files)
> The advantage is that (1) users can then pop their mail without exposing
> shell passwords, and (2) the cracklibs will prevent them from carrying
> out the obvious dumbass user error of changing their shell passwords to
> match their POP3 ones.
You're implying you would normally give mail users that dumb shell
> And don't tell me it's impractical to recompile system daemons to, say,
> use an MD5 password database. I was doing that before you probably even
> touched a Unix box, sonny.
And now you want to migrate to some hybrid sldap/krb5 environment.
Nature has made up her mind that | None learned the art of archery
what cannot defend itself shall | from me who did not make me, in the
not be defended. --Ralph Emerson | end, the target. --Saadi of Shiraz
More information about the Crackmonkey