Thread: [ postfixadmin-Feature Requests-1690316 ] Domain administrator login - use mailbox passwords?
Brought to you by:
christian_boltz,
gingerdog
From: SourceForge.net <no...@so...> - 2007-12-30 22:00:00
|
Feature Requests item #1690316, was opened at 2007-03-29 04:18 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1690316&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None >Priority: 4 Private: No Submitted By: Josh Cheney (sysandnet) Assigned to: Nobody/Anonymous (nobody) >Summary: Domain administrator login - use mailbox passwords? Initial Comment: Is there any reason that the domain administrator shouldn't use the mail password associated with that account? I noticed the other day that the password for the domain admin accounts is stored seperately, but still uses an email address for the user name. I would think that it would be simpler for the users (and for the admins) to have the domain admin login use the same password as the mail account. If there is a reason that this has not been done yet, just let me know, otherwise, I can make the change and submit a patch. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2007-12-30 23:00 Message: Logged In: YES user_id=593261 Originator: NO Good question. My personal opinion is that the passwords should stay separated. Some random thoughts: - we (developers) discussed to always encrypt admin passwords independent of $CONF['encrypt']. This would mean that admin passwords _have to_ be separate. - if admin accounts have separate passwords, they don't necessarily need to use mail addresses as account names. (I often use postmaster@<domain>, but using names like "cboltz" would fit my need better.) This would be an easy change - just remove the syntax check for admin names. Anyway - this is nothing we'll change for 2.2. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1690316&group_id=191583 |
From: SourceForge.net <no...@so...> - 2008-01-13 18:58:38
|
Feature Requests item #1690316, was opened at 2007-03-29 04:18 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1690316&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 4 Private: No Submitted By: Josh Cheney (sysandnet) Assigned to: Nobody/Anonymous (nobody) Summary: Domain administrator login - use mailbox passwords? Initial Comment: Is there any reason that the domain administrator shouldn't use the mail password associated with that account? I noticed the other day that the password for the domain admin accounts is stored seperately, but still uses an email address for the user name. I would think that it would be simpler for the users (and for the admins) to have the domain admin login use the same password as the mail account. If there is a reason that this has not been done yet, just let me know, otherwise, I can make the change and submit a patch. ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2008-01-13 19:58 Message: Logged In: YES user_id=593261 Originator: NO In case we bind the admin password to the mailbox password, we should add a checkbox to create-mailbox: [ ] is admin for $this_domain ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-12-30 23:00 Message: Logged In: YES user_id=593261 Originator: NO Good question. My personal opinion is that the passwords should stay separated. Some random thoughts: - we (developers) discussed to always encrypt admin passwords independent of $CONF['encrypt']. This would mean that admin passwords _have to_ be separate. - if admin accounts have separate passwords, they don't necessarily need to use mail addresses as account names. (I often use postmaster@<domain>, but using names like "cboltz" would fit my need better.) This would be an easy change - just remove the syntax check for admin names. Anyway - this is nothing we'll change for 2.2. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1690316&group_id=191583 |
From: SourceForge.net <no...@so...> - 2009-12-06 21:00:21
|
Feature Requests item #1690316, was opened at 2007-03-28 22:18 Message generated for change (Comment added) made by roe1234 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1690316&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: None Status: Open Resolution: None Priority: 4 Private: No Submitted By: Josh Cheney (sysandnet) Assigned to: Nobody/Anonymous (nobody) Summary: Domain administrator login - use mailbox passwords? Initial Comment: Is there any reason that the domain administrator shouldn't use the mail password associated with that account? I noticed the other day that the password for the domain admin accounts is stored seperately, but still uses an email address for the user name. I would think that it would be simpler for the users (and for the admins) to have the domain admin login use the same password as the mail account. If there is a reason that this has not been done yet, just let me know, otherwise, I can make the change and submit a patch. ---------------------------------------------------------------------- Comment By: Munroe Sollog (roe1234) Date: 2009-12-06 16:00 Message: Security is always going to be a concern. However, I think that adding a checkbox to 'use mailbox credentials' is a valid feature. This feature should probably be off by default with a nice description of the potential dangers and some attack vectors to consider, like force HTTPS, IMAPS/POPS and STARTTLS etc. An alternative would be, when a mailbox user changes his/her password to also update their admin password. This has the same security concerns as above. However, if the domain admin username and the mailbox username is already the same, it isn't a bad assumption to think the passwords are the same, and the security hole already exists. ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2008-01-13 13:58 Message: Logged In: YES user_id=593261 Originator: NO In case we bind the admin password to the mailbox password, we should add a checkbox to create-mailbox: [ ] is admin for $this_domain ---------------------------------------------------------------------- Comment By: Christian Boltz (christian_boltz) Date: 2007-12-30 17:00 Message: Logged In: YES user_id=593261 Originator: NO Good question. My personal opinion is that the passwords should stay separated. Some random thoughts: - we (developers) discussed to always encrypt admin passwords independent of $CONF['encrypt']. This would mean that admin passwords _have to_ be separate. - if admin accounts have separate passwords, they don't necessarily need to use mail addresses as account names. (I often use postmaster@<domain>, but using names like "cboltz" would fit my need better.) This would be an easy change - just remove the syntax check for admin names. Anyway - this is nothing we'll change for 2.2. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937967&aid=1690316&group_id=191583 |