Hi, I was wondering. If I have a program (imap server) that was compiled with PAM support, do I still need to run it from inetd using the tcp wrappers or is it enough to set up PAM for this application? Thanks, Avi -- Avi Schwartz Get a Life avi@CFFtechnologies.com Get Linux
Hi On Tue, Aug 22, 2000 at 09:21:32AM -0500, Avi Schwartz wrote:
I was wondering. If I have a program (imap server) that was compiled with PAM support, do I still need to run it from inetd using the tcp wrappers or is it enough to set up PAM for this application? You mentioning two completely different things here. The way of authentication (PAM in this case) shares nothing with the way the service runs as, either as a daemon or as an inetd service.
If you daemon/service does support PAM, you have to check either the service can be run as daemons or it has to be started via inetd. After that you just run it that way. _Normally_ an imap server is started by inetd though, regardless of using PAM or not. MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de ref@linux.com GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB ar@rhwd.net 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO
Hi,
I was wondering. If I have a program (imap server) that was compiled with PAM support, do I still need to run it from inetd using the tcp wrappers or is it enough to set up PAM for this application?
Thanks, Avi
PAM and tcp_wrappers are two different approaches/methods to restrict access to a service and shouldn't be mixed up: tcp_wrappers aka tcpd or libwrap.a is capable of enforcing access restrictions based on the IP or network address or range or hostname (range) (as resolved) of the host where the connection comes from. This mechanism can _not_ restrict any authentification: PAM (pluggable authentification module) works on the layer of the application and is responsible for the authentification of the user. Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
participants (3)
-
Alexander Reelsen -
Avi Schwartz -
Roman Drahtmueller