Mercurial > dovecot > original-hg > dovecot-1.2
changeset 5380:0e64feabb0d2 HEAD
Removed security warnings from auth-master socket. They're not actually
true. The clients can only look up userdb data, which is practically the
same thing as what they can find from /etc/passwd (with system users of
course).
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Thu, 22 Mar 2007 02:06:24 +0200 |
| parents | 678621b6f1e0 |
| children | ba8da13e71da |
| files | dovecot-example.conf |
| diffstat | 1 files changed, 4 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/dovecot-example.conf Thu Mar 22 00:52:20 2007 +0200 +++ b/dovecot-example.conf Thu Mar 22 02:06:24 2007 +0200 @@ -973,11 +973,9 @@ # It's possible to export the authentication interface to other programs: #socket listen { #master { - # Master socket is typically used to give Dovecot's local delivery - # agent access to userdb so it can find mailbox locations. It can - # however also be used to disturb regular user authentications. - # WARNING: Giving untrusted users access to master socket may be a - # security risk, don't give too wide permissions to it! + # Master socket provides access to userdb information. It's typically + # used to give Dovecot's local delivery agent access to userdb so it + # can find mailbox locations. #path = /var/run/dovecot/auth-master #mode = 0600 # Default user/group is the one who started dovecot-auth (root) @@ -995,7 +993,7 @@ } # If you wish to use another authentication server than dovecot-auth, you can -# use connect sockets. They assumed to be already running, Dovecot's master +# use connect sockets. They are assumed to be already running, Dovecot's master # process only tries to connect to them. They don't need any other settings # than the path for the master socket, as the configuration is done elsewhere. # Note that the client sockets must exist in the login_dir.