Horde and PGP options

Albrecht Dreß albrecht.dress at lios-tech.com
Sat Mar 20 14:59:37 CET 2010


Hi Gunnar:

On 17.03.10 22:52, Gunnar Wrobel wrote:
> Yup. Using PGP in a webmailer is in general discouraged. There is currently no way to get this really secure.

I know.  Using a webmailer is *always* a problem, also without gnupg!

There are some scenarios, though, where it makes sense, e.g. through a TLS-encrypted connection, to read encrypted messages on a PDA which doesn't properly support gpg.  Educating the users to use it properly is always difficult, though...

> But of course the point you mention is extremely problematic.
> 
>> My question: Is it possible to limit the access to impPrefs as it is done for userPassword, or will this break anything?
> 
> I think it should be possible. The only thing that might not be hidden could be the ingoPrefs. I would have to test that to be certain though.

A quick test, adding

<snip>
# impPrefs may contain a PGP key, so don't let anyone except the owner and the admins access it
access to attrs=impPrefs
	by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
	by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
	by self write
	by * none stop
</snip>

below the "access to attrs=userPassword" rule in slapd.conf.template, hides (of course) impPrefs, but apparently Horde is still usable.  I'm looking for side-effects...

Thanks, Albrecht.
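
A static check for the placement question raised above, as an added example that is not part of the original message or of Kolab: slapd applies the first `access to` directive whose target matches, so the impPrefs rule only hides the attribute if no broader rule comes before it. The sample config, its base DN and all function names are constructed for illustration, and DN or filter scoping in a target is ignored.

```python
import re

SENSITIVE = ("userPassword", "impPrefs")  # attributes that can hold secrets
BROAD = ("*", "users", "anonymous")       # <who> values that cover arbitrary clients
HIDDEN = ("none", "disclose", "auth")     # access levels that do not reveal the value

# Constructed sample modelled on the rule in the post; the base DN is a placeholder.
SAMPLE = """\
access to attrs=userPassword
  by self write
  by * none stop
access to attrs=impPrefs
  by group/kolabGroupOfNames="cn=admin,cn=internal,dc=example,dc=org" write
  by self write
  by * none stop
access to *
  by * read stop
"""

def parse_acls(text):
    """Return [(what, [(who, level), ...])] in file order."""
    logical = []
    for line in (l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")):
        if line[0].isspace() and logical:      # continuation of the previous directive
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    pat = re.compile(r"access\s+to\s+(.*?)\s+by\s+(.*)$")
    clause = r'(?:^|\sby\s+)((?:"[^"]*"|\S)+)\s+(\S+)'
    return [(m.group(1), re.findall(clause, m.group(2)))
            for m in map(pat.match, logical) if m]

def covers(what, attr):  # assumption: DN and filter scoping in <what> is ignored
    m = re.search(r"attrs=(\S+)", what)
    return m is None or attr.lower() in m.group(1).lower().split(",")

def audit(text, sensitive=SENSITIVE):
    """Map each exposed attribute to the (what, who, level) that exposes it."""
    acls, findings = parse_acls(text), {}
    for attr in sensitive:
        # slapd uses the first directive whose <what> matches, then the first matching <who>.
        what, clauses = next(((w, c) for w, c in acls if covers(w, attr)), (None, []))
        for who, level in clauses:
            if who in BROAD and level not in HIDDEN:
                findings[attr] = (what, who, level)
            if who == "*" or attr in findings:
                break
    return findings
```

`audit(SAMPLE)` returns an empty dict; placing the `access to *` directive first, or dropping the impPrefs rule, makes it report the attribute as readable.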



