[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-anubis] 'remote' usage of anubis

From: Wojciech Polak
Subject: Re: [bug-anubis] 'remote' usage of anubis
Date: Tue, 9 Sep 2003 00:46:00 +0200

On Mon, 08 Sep 2003 23:14:49 +0200 Jim Cheetham wrote:

> Like Greg, I'm not entirely convinced of the value of using ident at
> all. I don't really feel that it is a suitable service to have in an
> Internet-facing role, and it feels like Anubis is using a plain-text
> authentication system over the net to access my account details, which
> makes me feel slightly nervous.

Identd only sends a user name or UID (depends from its configuration).

> ident is probably fine in an internal network, where workstations are
> just trying to access their local mail server, and the security policy
> prevents leakage of ident to the outside world ...

You may specify a firewall rule and force identd to communicate
only with GNU Anubis (with a specific host/port number).

> > GNU Anubis cannot rely on the ESMTP Authentication mechanism,
> > because the SMTP server might be a remote machine far away from
> > Anubis.

> Can Anubis use PAM? I am using v3.9.93, and I see that --with-pam is an
> option to ./configure ... I guess in this case, it would be fine to let
> PAM work out how to authenticate the connection, whether by ident or
> other challenge ...

Remotely??? We were talking about a situation where Anubis is installed
on Machine-A, and a client is located on Machine-B. This client is
using his MUA to connect to Anubis on Machine-A. So the auth service
(identd) is the only way to recognize a remote user (his user name or UID).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]