2 Dec
2016
2 Dec
'16
7:50 p.m.
Am 02.12.2016 um 08:00 schrieb Aki Tuomi:
Workaround is to disable auth-policy component until fix is in place. This can be done by commenting out all auth_policy_* settings.
Hello,
could you be more verbose on how to verify if administrators are affected?
# doveconf -n | grep auth_policy_ | wc -l 0
but there /are/ default settings: # doveconf -d | grep auth_policy_ auth_policy_hash_mech = sha256 auth_policy_hash_nonce = auth_policy_hash_truncate = 12 auth_policy_reject_on_fail = no auth_policy_request_attributes = login=%{orig_username} pwhash=%{hashed_password} remote=%{real_rip} auth_policy_server_api_header = auth_policy_server_timeout_msecs = 2000 auth_policy_server_url =
Is such setup vulnerable?
Thanks for clarification, Andreas