[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-anubis] 'remote' usage of anubis
From: |
Wojciech Polak |
Subject: |
Re: [bug-anubis] 'remote' usage of anubis |
Date: |
Tue, 9 Sep 2003 00:46:00 +0200 |
On Mon, 08 Sep 2003 23:14:49 +0200 Jim Cheetham wrote:
> Like Greg, I'm not entirely convinced of the value of using ident at
> all. I don't really feel that it is a suitable service to have in an
> Internet-facing role, and it feels like Anubis is using a plain-text
> authentication system over the net to access my account details, which
> makes me feel slightly nervous.
Identd only sends a user name or UID (depends from its configuration).
> ident is probably fine in an internal network, where workstations are
> just trying to access their local mail server, and the security policy
> prevents leakage of ident to the outside world ...
You may specify a firewall rule and force identd to communicate
only with GNU Anubis (with a specific host/port number).
> > GNU Anubis cannot rely on the ESMTP Authentication mechanism,
> > because the SMTP server might be a remote machine far away from
> > Anubis.
> Can Anubis use PAM? I am using v3.9.93, and I see that --with-pam is an
> option to ./configure ... I guess in this case, it would be fine to let
> PAM work out how to authenticate the connection, whether by ident or
> other challenge ...
Remotely??? We were talking about a situation where Anubis is installed
on Machine-A, and a client is located on Machine-B. This client is
using his MUA to connect to Anubis on Machine-A. So the auth service
(identd) is the only way to recognize a remote user (his user name or UID).
Regards,
Wojciech