Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Tue, 3 Jun 2003 05:45:19 +0000
From: "Hallgrimur H. Gunnarsson" <hhg@...a.is>
To: popa3d-users@...ts.openwall.com
Subject: Re: root mail.

Hi,

On  0, Craig Hammond <Craig@...solutions.com.au> wrote:
> I have just starting using popa3d.

Welcome to the group :-)

> I'm figuring that you stop popa3d from serving roots mail for security
> reasons.
> The only reason I can think off is to stop stupid admins from sending
> the root password in cleartext over the internet.
>  
> I'm using popa3d for just for an internal email system, so security
> isn't so important.
> It is possible to change it so I can retrieve roots mail. If so, how.

The check is in set_user which is called from do_root_auth after
authentication to drop to the user (pop_root.c). The check is:

if (!pw->pw_uid) return 1;

However, as a principle i'd strongly recommend against doing this
even on an internal email system. The usual way of doing this
is to forward the mail for root, postmaster, etc to a local user
or a remote address.

-- hhg

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux