Date: Thu, 30 Oct 1997 06:07:09 -0800 From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> To: Eugeny Kuzakov <kev@lab321.ru> Cc: Yury Yaroshevsky <yk@info.dgtu.donetsk.ua>, Philippe Regnauld <regnauld@deepo.prosa.dk>, freebsd-security@freebsd.org, cschuber@uumail.gov.bc.ca Subject: Re: selective pop3 Message-ID: <199710301408.GAA06472@cwsys.cwsent.com> In-Reply-To: Your message of "Fri, 31 Oct 1997 09:37:16 %2B0600." <Pine.BSF.3.96.SK.971031093604.1058B-100000@lab321.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Wed, 29 Oct 1997, Yury Yaroshevsky wrote:
>
> > > Tcp wrappers. But you can only do IP level decisions, not user-level.
> > ^^^^^^^^^
> > Only IP level???
> > If uses ident , you can restrict pop3 access for some account.
> > See man hosts_options
> Pop3 clint machine can have or no pidentd....
Auth (identd) should not be used for user authentication, as anyone with root,
e.g. any PC, can send you any information he/she pleases. This is one the
problems with all of the original Berkeley "r" commands: Authentification was
done at the client. Unless your POP users are connecting from a UNIX host
that you control, there is no way you can trust identd (or the Berkeley "r"
commands).
In short identd should only be used in logging. Even then you should consider
the information gathered from a remote identd suspect.
>
> Best wishes, Eugeny Kuzakov
> Laboratory 321 ( Omsk, Russia )
> kev@lab321.ru
>
>
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
UNIX Support OV/VM: BCSC02(CSCHUBER)
ITSD BITNET: CSCHUBER@BCSC02.BITNET
Government of BC Internet: cschuber@uumail.gov.bc.ca
Cy.Schubert@gems8.gov.bc.ca
"Quit spooling around, JES do it."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710301408.GAA06472>