On Mon, Jul 30, 2001 at 09:56:46PM -0400, Chris Johnson wrote:
> On Mon, Jul 30, 2001 at 10:55:10PM +0200, Henning Brauer wrote:
> > Single UID setups, usually called Virtual User Setups, require a
> > virtual user manager.
>
> That's not true. I've been using a roll-my-own single UID setup for ages, with
> no vpopmail or vmailmgr or anything but a custom checkpassword. It works
> beautifully and I don't have to worry about the security of non-DJB code
> (except for the cdb-enabled checkpassword, which I wrote myself).
Well, the bunch of .qmail-anything files and your custom checkpassword are
your virtual user manager then ;-))
> For someone with a small set of domains and a user base that doesn't change
> that often, I'd recommend a single-UID setup. It'll be more secure, and it'll
> give him a better understanding of how all the pieces of qmail work.
I agree regarding the understanding, I don't agree regarding the security. A
setup consisting of tons of .qmail-anything files and a custom checkpassword,
where the checkpassword input file and the .qmail-files must be in sync, is a
bit complicated and hell to manage, no? It may work for a few users, but with
more users... it just gets too complicated. And complicated setups usually
aren't secure, simply because the complexity causes the admin to make mistakes.
On the other hand, vmailmgr and vpopmail aren't network daemons, which
lowers their security risk a lot. vpopmail seems to be a bit bloated to me
(this may be totally wrong, I never used it, it's just my impression from some
mails regarding vpopmail on this list), but vmailmgr seems to be fine (I'm
mostly trusting Charles' selection here ;-) ). qmail-ldap's way of handling
virtual users is really straightforward and I don't have any security
considerations there.
--
* Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany *
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)