Re: securing pop3

To: debian-security@lists.debian.org
Subject: Re: securing pop3
From: francois@tourde.org (François TOURDE)
Date: 08 Feb 2003 16:11:57 +0100
Message-id: <[🔎] 87bs1mdcxu.fsf@tourde.org>
Reply-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20030208142333.GA24999@flexo.xssass.be>
References: <[🔎] 20030208142333.GA24999@flexo.xssass.be>

Kristof Goossens <kristof@xssass.be> writes:

> Hello all,
> 
> I need to make a pop3 account on my server. I intend to work with ipop3d to
> provide secure pop3 service. Now I want to provide this service for only
> few people, and I don't want them to have an account on the system. Well, they
> can have a pop3 account, but no other access whatsoever...

Use /bin/true as a shell script for these users. So they can use pop3 services,
without having a shell account.

> 
> I don 't like the idea of giving them an account and setting their shell to
> /bin/false. So my question is: "Is it possible to create a pop3 account without
> needing to modify the /etc/passwd file?"

You can use a Virtual POP server, but I don't remember how you must configure the
service for non shell users.

You can also disable any ssh, telnet or other "shell access" services

But globally the modification of /etc/passwd is not so bad :)

-- 
You may be marching to the beat of a different drummer, but you're
still in the parade.
-- 
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80
eMail: mailto:francois@tourde.org - URL: http://francois.tourde.org/

Reply to:

References:
- securing pop3
  - From: Kristof Goossens <kristof@xssass.be>

Prev by Date: Re: securing pop3
Next by Date: Re: securing pop3
Previous by thread: Re: securing pop3
Next by thread: Re: [personal] securing pop3
Index(es):
- Date
- Thread