[tpop3d-discuss]auth_flatfile woes
Chris Lightfoot
chris at ex-parrot.com
Wed, 25 Feb 2004 10:53:30 +0000
On Mon, Feb 23, 2004 at 05:06:11PM -0000, Jim Hague wrote:
> I came across tpop3 last night while looking for a POP3 daemon to serve a tiny
> virtual mail hosting (potentially two virtual domains with tens of users each).
>
> I'm using 1.5.3 with flatfile authorisation on Debian stable. I found what I
> think are a couple of problems which appear to still be extant in CVS:
>
> 1. The username in the file is only ever compared against the local part of the
> POP3 username, even if the POP3 username includes a domain. I presume the
> file and POP3 usernames should be compared in full; I'm assuming that the
> higher level code will add the domain onto the POP3 username if retry with
> domain on fail is specified.
No, the idea is that you have different files for
different domains.
> 2. read_user_password returns the last hash in the file if none of the usernames
> match. It should return NULL.
Oops. Thanks for that.
--
``A decision is unreasonable if it [requires] a decision so unreasonable no
reasonable person could have reached [it].'' (Wednesbury unreasonableness)