DragonFly users List (threaded) for 2007-03
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: To be a new DFly commiter
| From: | Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx> |
| Date: | Fri, 16 Mar 2007 17:45:58 +0100 |
| Mail-followup-to: | users@crater.dragonflybsd.org |
On Fri, Mar 16, 2007 at 05:17:43PM +0100, Grzegorz B?ach wrote: > a) chg default password_format do blowfish since there are known > algoritm of collision for md5. IMO the MD5 collision attacks for overrated and might not even apply in this area as this is multi-round procesising. > c) add support for openwall tcb - the alternative to shadow (with pam > module) which is more secure than pam_unix and pam_pwdb, because tools > like 'passwd' or 'chage' don't neet SUID, instead it use SGID 'shadow'. > Group 'auth' may be used to read-only access to all password hashes. HAHA. This is a good one. It is more secure to not run tools which manipulate the password db as root? If I can control any of this tools to execute code with sgid shadow, I can just manipulate the root record anyway. Sorry to be harsh. > 2. > a) Replace sendmail with postfix (with cyrus-sasl). It is faster and use > cleaner config file. . ..and cyrs-sasl is a complete mess. Please read the archive on this. > b) Add imap-uw as simple pop3 and imap4 daemon.A > c) Add stunnel for SSL/TLS access to mail-related daemon. Objected. Not essential, you can easily install them from pkgsrc or other means. Joerg
- Follow-Ups:
- Re: To be a new DFly commiter
- From: "b.estrade" <estrabd@gmail.com>
- Re: To be a new DFly commiter
- From: Grzegorz Błach <grzela@seculture.com>
- Re: To be a new DFly commiter
- References:
- To be a new DFly commiter
- From: Grzegorz Błach <grzela@seculture.com>
- To be a new DFly commiter
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]