Re: Logins from Users *not* in Users File

Michael C. Nerone (nerone@legend.txdirect.net)
Tue, 3 Oct 1995 21:11:59 -0500 (CDT)

1) Please don't post to portmaster list AND portmaster-radius list,
because the vast majority of us are on both lists and we don't need to see
it twice.

2) Workaround is to make explicit entries for all the POP accounts in the
users file, with a password they don't know (and couldn't guess)

DEFAULT Password="UNIX"
Service.... blah blah blah

popuser1 Password="$gr%u3$t"
blah blah blah

Now popuser1's POP account will still work, but he won't be able to dial
in...he has to use the master account. Be aware, though, that the ONLY
thing this disables is the portmaster dial-in. The user can still telnet
to your machine, and ftp, etc., etc. The safest way to get around this
that I can think of off the top of my head is to hack your POP server and
your SMTP server, so that in addition to the usual Unix password
style, they also support users listed in a separate file, with passwords
in that file. So the POP users wouldn't even be in /etc/passwd itself, so
they'd have no other type of access.

Interesting...how do others do this? There must be an easier way to make
multiple mailboxes for one user.

Does sendmail already have this facility, and if so, is there a UNIX POP
server that can handle it as well? How do others do this? Please email
me, as the responses will be off-subject for this list...

Thanks.

Michael Nerone | Internet Direct, Inc. | http://www.txdirect.net
nerone@txdirect.net | 722-B Isom Rd. | Please direct all queries
| San Antonio, TX 78216 | to sales@txdirect.net.
| Voice: (210)308-9800 | Direct all tech questions
| Fax: (210)308-9240 | to support@txdirect.net
Any opinions expressed herein are my own and do
not necessarily reflect those of my employer.

On Tue, 3 Oct 1995, Chris Woods wrote:

> Howdy,
>
> This actually seems like more of a RADIUS issue than a
> Portmaster-specific thing, but here it is anyway:
>
> We use Livingston's radiusd v1.16 here, running on a linux machine. We
> have a DEFAULT entry of CSLIP and Password = "UNIX". We offer a service
> type whereby one may purchase an account that has one login name
> available, but several POP boxes under that one login name. They are not
> supposed to be able to login under the mailbox name, but must login under
> the "master account" name, and then use a separate mail config to read
> their personal email. For ease of user/password maintenance, the POP
> server is the same machine as the radius server; all user accounts are
> kept on the same machine.
>
> We have noticed that *anyone* with an account on that machine can dial and
> login and be set up with the DEFAULT settings from the radius users file,
> even if that user is *not* in the users file. **This includes root***
>
> Is there a workaround for this that anyone knows about? If not, does
> merit's radiusd behave the same way? Everyone try to dial and login as
> root (not !root) with the root password of the radius server, and see what
> happens.
>
> Chris Woods Senior System Administrator USAinternet, Inc.
> GCS/CM/IT d- s++:+ a- C++++$ ULS++++$ P+++$>++++ L++++$ E W$ N+ !o
> K++ !w--- !O !M-- !V-- PS+? !PE !Y+>++ PGP+ t+@ !5 X !R tv? b+ DI++
> D+@ G++ e h---- r+++ y++++
> cjwoods@usa1.net http://www.usa1.com 508-774-4700
>
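
An added example, not part of the original messages: a small audit that lists which system accounts have no explicit entry in the users file and would therefore be accepted through a DEFAULT entry with Password = "UNIX", as described in the thread. The file contents are constructed samples, the function names are hypothetical, and it assumes the layout where each entry starts in column 0 and reply items are indented.

```python
import re

# Constructed sample data, not taken from the original messages.
USERS_FILE = '''\
master1 Password = "UNIX"
\tUser-Service-Type = Framed-User

popuser1 Password = "constructed-unguessable"
\tUser-Service-Type = Framed-User

DEFAULT Password = "UNIX"
\tUser-Service-Type = Framed-User
'''
PASSWD = '''\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
master1:x:1001:100::/home/master1:/bin/sh
popuser1:x:1002:100::/home/popuser1:/bin/false
popuser2:x:1003:100::/home/popuser2:/bin/false
'''

def parse_users(text):
    """Map entry name -> check items. Assumes entries start in column 0
    and reply items are on indented continuation lines."""
    entries = {}
    for line in text.splitlines():
        if not line or line[0] in " \t#":
            continue  # blank line, reply item, or comment
        parts = line.split(None, 1)
        entries[parts[0]] = parts[1] if len(parts) > 1 else ""
    return entries

def fallthrough_accounts(users_text, passwd_text):
    """Return (name, uid) for system accounts with no explicit entry, which
    a DEFAULT entry with Password = "UNIX" would let authenticate."""
    entries = parse_users(users_text)
    m = re.search(r'Password\s*=\s*"([^"]*)"', entries.get("DEFAULT", ""))
    if not m or m.group(1) != "UNIX":
        return []  # no Unix-password fallback configured
    exposed = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) < 7 or f[1][:1] in ("*", "!"):
            continue  # malformed line or locked account
        if f[0] not in entries:
            exposed.append((f[0], int(f[2])))
    return sorted(exposed, key=lambda a: a[1])

if __name__ == "__main__":
    for name, uid in fallthrough_accounts(USERS_FILE, PASSWD):
        print(f"{name} (uid {uid}) can dial in via DEFAULT")
```

Each account it reports needs its own explicit entry, as in the workaround above, before the DEFAULT entry stops applying to it.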