From owner-freebsd-questions Thu May 2 11: 8:51 2002 Delivered-To: freebsd-questions@freebsd.org Received: from www.clubplus.net (ns1.clubplus.net [216.191.22.194]) by hub.freebsd.org (Postfix) with ESMTP id ABE5A37B41A for ; Thu, 2 May 2002 11:08:48 -0700 (PDT) Received: from skytrackercanada.com (cust29.209.188.66.dsl.accessv.com [209.188.66.29] (may be forged)) by www.clubplus.net (8.11.4/8.11.1) with ESMTP id g42I8Q323495 for ; Thu, 2 May 2002 14:08:27 -0400 Received: (from david@localhost) by skytrackercanada.com (8.12.3/8.12.3) id g42J99n4022323 for questions@freebsd.org; Thu, 2 May 2002 15:09:09 -0400 (EDT) (envelope-from david) Date: Thu, 2 May 2002 15:09:08 -0400 From: David Banning To: questions@freebsd.org Subject: security question Message-ID: <20020502150908.A22313@mail.clubplus.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I am running ssh. I am also running openwebmail. If I want to collect my mail from the web using openwebmail, then people could see my password, and then log on as me with ssh. What is a the best way to deal with this? I tried setting up a second user with nologin ability but the privileges are not in order for my mail box. I guess I could also run openwebmail with https? Any feedback would be useful. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message