Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 83415

Summary: qmail requires checkpassword and cmd5checkpw, which aren't always used
Product: Gentoo Linux Reporter: Kyle England (RETIRED) <kengland>
Component: New packagesAssignee: Qmail Team (OBSOLETE) <qmail-bugs+disabled>
Status: VERIFIED TEST-REQUEST    
Severity: minor CC: bugzilla-gentoo, mr-russ
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 40486    

Description Kyle England (RETIRED) gentoo-dev 2005-02-26 15:41:45 UTC 
qmail installs both checkpassword and cmd5checkpw
This may be great for some installs, but they're not needed on others.

The recent GLSA brought this to my attention.
http://www.gentoo.org/security/en/glsa/glsa-200502-30.xml

I realize that if I'm not using it, I don't have much to worry about, but still.  If it's not needed, I don't want it on my server.

Reproducible: Always
Steps to Reproduce:
1.  emerge qmail
2.
3.



Expected Results:  
A USE flag related to checkpassword and cmd5checkpw would be nice.  If that
existed, these packages could be installed, only if needed.
Comment 1 Russell Smith 2005-05-25 17:30:43 UTC 
The converse bug to this is the fact that their are multiple checkpassword
implementations.  Currently only two are in portage.  The default, and
checkpassword-pam.

However qmail requires that checkpassword is installed, as mentioned in the
initial report.  You should be able to install a different checkpassword.
Comment 2 Bernd Wurst 2005-06-06 03:17:23 UTC 
I would like to add, that you can supply a use-flag named "noauthcram" in newest
qmail ebuilds. If this flag is supplied, cmd5checkpw really should not be installed!
Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-10 14:25:53 UTC 
The problem with this is, that if the user decides to enable the corresponding
options in conf-smtpd (cmd5checkpw), things will break. Can this be tollerated?
Comment 4 Bernd Wurst 2005-08-11 08:28:40 UTC 
I obviously would say yes. ;-)

What about a "big fat warning" insde the configfile?
Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-11 09:55:26 UTC 
Sounds good. I'll implement this.
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-14 04:02:19 UTC 
Done in CVS. Can you please check wether it's what you meant?
Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-09-11 14:27:27 UTC 
No response in a month, closing.