From owner-freebsd-ports  Thu Sep 20 22:15:41 2001
Delivered-To: freebsd-ports@freebsd.org
Received: from ipcard.iptcom.net (ipcard.iptcom.net [212.9.224.5])
	by hub.freebsd.org (Postfix) with ESMTP
	id EA5C337B42A; Thu, 20 Sep 2001 22:15:34 -0700 (PDT)
Received: from notebook.vega.com (dialup14-23.iptelecom.net.ua [212.9.229.87])
	by ipcard.iptcom.net (8.9.3/8.9.3) with ESMTP id IAA76507;
	Fri, 21 Sep 2001 08:15:12 +0300 (EEST)
	(envelope-from sobomax@FreeBSD.org)
Date: Fri, 21 Sep 2001 08:15:12 +0300 (EEST)
Message-Id: <200109210515.IAA76507@ipcard.iptcom.net>
To: dan@langille.org, ports@FreeBSD.org
Cc: lioux@FreeBSD.org, kris@FreeBSD.org
From: Maxim Sobolev <sobomax@FreeBSD.org>
Subject: Re: qpopper and /etc/ftpusers
X-Mailer: Pygmy (v0.5.11)
In-Reply-To: <3BA9FBF4.13773.89DF47D@localhost>
Content-type: text/plain
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org

On Thu, 20 Sep 2001 14:23:48 -0400, Dan Langille wrote:
> I don't see how POP is connected to ftp users?

/me too

> This from mail/qpopper/Makefile:
> =

> CONFIGURE_ARGS=3D --enable-apop=3D${PREFIX}/etc/qpopper/pop.auth \
>                 --enable-nonauth-file=3D/etc/ftpusers \
>                 --with-apopuid=3Dpop --without-gdbm \
>                 --enable-keep-temp-drop
> =

> Does it make sense to do things that way?  If an auth file is to be used =
at all, why not use one =

> with an appropriate name (e.g. /etc/popusers).

Yes, it is why since some 1999 I have a qpopper/Makefile.local that
overrides CONFIGURE_ARGS with --enable-auth-file=3D/etc/pop3users. :)

> The current setup breaks POLA.

No, the current setup astually preserves the POLA (it had been that
way since the beginning of time) - check cvs log for mail/qpopper/Makefile.
However, it might be a good idea to actually bite the bullet and break that
stupid POLA.

I would suggest to replace `--enable-nonauth-file=3D/etc/ftpusers' with
something like `--enable-auth-file=3D/etc/pop3users'. Among other things,
it would ensure that the default setup is the most secure.

-Maxim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message