[Dovecot] Re: Hostname passed to PAM as rhost
dean gaudet
dean-list-dovecot at arctic.org
Mon Sep 26 23:52:26 EEST 2005
On Mon, 26 Sep 2005, Tom Alsberg wrote:
> I do not recall there being a PAM item for IP address, but just for
> the remote hostname - rhost, which may be any string received by the
> application, and is only by convention expected to be the address of
> the client.
Yeah, PAM is unfortunately the real problem here -- PAM should support both
the numeric IP and the text name. The IP address is absolutely essential
for forensic analysis, however humans tend to want to read a text name...
but the text name is quite untrustworthy: even a double-reverse check is
insufficient in the cases where an attacker has control over DNS
servers... how do you figure out what network block the attack came from
after the fact if the DNS has been changed again?
> just write a patch for that (will probably make it configurable in
> dovecot.conf whether the PAM rhost item passed will be a hostname or
> IP address).
This is what I've done to other daemons... and I run with them in IP
address mode instead.
My old patch for PAM_RHOST for 0.99.x didn't even do DNS lookups.
-dean
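As an added illustration of the choice discussed above (this is example code written for this page, not Dovecot's or Tom's patch), the helper below decides what string goes into PAM_RHOST: the numeric address by default, or a hostname only when it is forward-confirmed, and it always keeps the IP in the audit line. The `rhost_for_pam`, `audit_line` and fake resolver names are hypothetical; the DNS tables are constructed from documentation addresses so the block runs offline.

```python
import ipaddress
import socket


def fcrdns_name(ip, ptr_lookup=socket.gethostbyaddr, fwd_lookup=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS (the "double-reverse" check).

    Return the PTR name only if it resolves back to the same address, else None.
    Passing this check only proves what the consulted DNS servers said at that
    moment, which is why the numeric address must be kept regardless.
    """
    try:
        name, _aliases, _addrs = ptr_lookup(ip)
        _canon, _aliases, forward = fwd_lookup(name)
    except (socket.herror, socket.gaierror, OSError):
        return None
    return name if ip in forward else None


def rhost_for_pam(ip, prefer_hostname=False, **lookups):
    """Value to hand to pam_set_item(pamh, PAM_RHOST, ...) (hypothetical helper).

    PAM_RHOST is an arbitrary string that PAM modules will trust, so non-address
    input is rejected up front (ValueError). With prefer_hostname the name is used
    only when it forward-confirms; otherwise we fall back to the IP.
    """
    addr = str(ipaddress.ip_address(ip))
    if not prefer_hostname:
        return addr
    return fcrdns_name(addr, **lookups) or addr


def audit_line(ip, **lookups):
    """Log line for after-the-fact analysis: rip=<ip> always, name only if verified."""
    name = fcrdns_name(ip, **lookups)
    return f"rip={ip} rhost={name or '-'}"


# Constructed sample DNS data (RFC 5737 documentation ranges). The second PTR
# points at a name whose forward record does not match: the spoofed case.
_PTR = {"203.0.113.7": "mail.example.net", "198.51.100.9": "trusted.example.org"}
_FWD = {"mail.example.net": ["203.0.113.7"], "trusted.example.org": ["192.0.2.1"]}


def fake_ptr(ip):
    if ip not in _PTR:
        raise socket.herror(1, "Unknown host")
    return _PTR[ip], [], [ip]


def fake_fwd(name):
    if name not in _FWD:
        raise socket.gaierror(-2, "Name or service not known")
    return name, [], _FWD[name]


if __name__ == "__main__":
    for client in ("203.0.113.7", "198.51.100.9", "192.0.2.50"):
        print(audit_line(client, ptr_lookup=fake_ptr, fwd_lookup=fake_fwd))
```

With the real `socket` defaults the same functions consult the system resolver; the fakes exist only so the behaviour can be checked without network access.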