[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tpop3d-discuss]auth_flatfile woes
From: |
Chris Lightfoot |
Subject: |
Re: [tpop3d-discuss]auth_flatfile woes |
Date: |
Wed, 25 Feb 2004 10:53:30 +0000 |
User-agent: |
Mutt/1.4i |
On Mon, Feb 23, 2004 at 05:06:11PM -0000, Jim Hague wrote:
> I came across tpop3 last night while looking for a POP3 daemon to serve a tiny
> virtual mail hosting (potentially two virtual domains with tens of users
> each).
>
> I'm using 1.5.3 with flatfile authorisation on Debian stable. I found what I
> think are a couple of problems which appear to still be extant in CVS:
>
> 1. The username in the file is only ever compared against the local part of
> the
> POP3 username, even if the POP3 username includes a domain. I presume the
> file and POP3 usernames should be compared in full; I'm assuming that the
> higher level code will add the domain onto the POP3 username if retry with
> domain on fail is specified.
No, the idea is that you have different files for
different domains.
> 2. read_user_password returns the last hash in the file if none of the
> usernames
> match. It should return NULL.
Oops. Thanks for that.
--
``A decision is unreasonable if it [requires] a decision so unreasonable no
reasonable person could have reached [it].'' (Wednesbury unreasonableness)