POP Administrator

[Petr Novotny]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 14 Mar 00, at 9:29, Marian Sabo wrote:

> Dalo by sa na klasickom stroji (DNS-named, WWW-apache, MAIL-sendmail,
> qpopper, FTP-proftpd server, RH 6.1) spravit nejakeho
> POP-account-password-administrator ? Uplne by stacilo, keby mohol
> napriklad urcitej grupe menit heslo a inac by nemal pravo zasahovat
> nijako do systemu. Proste by sa len prihlasil, mohol by si zvolit len
> svoju grupu uzivatelov a bez znalosti stareho hesla zmenit toto heslo
> ??

Jeste me napadlo pouzit qmail a vpopmail (www.inter7.com). 
Rozdelite ty skupiny uzivatelu na virtualni poddomeny, kazdou 
poddomenu vazete na realny unixovy ucet, a "POP administrator" 
subdomeny zna heslo k tomuto realnemu uctu.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOM3tmFMwP8g7qbw/EQJa9ACfccQGT1rLzlOycdc/dpii1Je75zEAnjaR
NxZnpBk0DPz+lpn0otV+ZbT8
=E6rD
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
Petr.Novotny na antek.cz
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]