bh: doc/www/src/security kolab-vendor-notice-08.txt,1.1,1.2
cvs at intevation.de
cvs at intevation.de
Thu Jan 12 22:05:30 CET 2006
Author: bh
Update of /kolabrepository/doc/www/src/security
In directory doto:/tmp/cvs-serv23891/www/src/security
Modified Files:
kolab-vendor-notice-08.txt
Log Message:
rephrase the description a bit.
Index: kolab-vendor-notice-08.txt
===================================================================
RCS file: /kolabrepository/doc/www/src/security/kolab-vendor-notice-08.txt,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- kolab-vendor-notice-08.txt 12 Jan 2006 20:27:22 -0000 1.1
+++ kolab-vendor-notice-08.txt 12 Jan 2006 21:05:28 -0000 1.2
@@ -12,11 +12,11 @@
Details
-------
-Clients that connect to port 465 for secure SMTP and try to authenticate
-itself, will have the credentials logged in /kolab/var/postfix/log/postfix.log.
-To make use of this, other untrusted unix users must exist on the server
-machine that find can read the file.
-In this case the clear text user passwords can be learned from the logfile.
+With the default configuration of the Kolab server, when a client
+connects to port 465 for secure SMTP and tries to authenticate itself
+the credentials will be logged in /kolab/var/postfix/log/postfix.log.
+Other unix users on the server system may be able to read that file and
+learn passwords from it.
Note that usually postfix.log is world readable with permissions 0644.
You can change this with chmod and in /kolab/etc/fsl/fsl.postfix.
More information about the commits
mailing list