Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 83415 - qmail requires checkpassword and cmd5checkpw, which aren't always used
Summary: qmail requires checkpassword and cmd5checkpw, which aren't always used
Status: VERIFIED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Qmail Team (OBSOLETE)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 40486
  Show dependency tree
 
Reported: 2005-02-26 15:41 UTC by Kyle England (RETIRED)
Modified: 2005-09-11 14:27 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kyle England (RETIRED) gentoo-dev 2005-02-26 15:41:45 UTC
qmail installs both checkpassword and cmd5checkpw
This may be great for some installs, but they're not needed on others.

The recent GLSA brought this to my attention.
http://www.gentoo.org/security/en/glsa/glsa-200502-30.xml

I realize that if I'm not using it, I don't have much to worry about, but still.  If it's not needed, I don't want it on my server.

Reproducible: Always
Steps to Reproduce:
1.  emerge qmail
2.
3.



Expected Results:  
A USE flag related to checkpassword and cmd5checkpw would be nice.  If that
existed, these packages could be installed, only if needed.
Comment 1 Russell Smith 2005-05-25 17:30:43 UTC
The converse bug to this is the fact that their are multiple checkpassword
implementations.  Currently only two are in portage.  The default, and
checkpassword-pam.

However qmail requires that checkpassword is installed, as mentioned in the
initial report.  You should be able to install a different checkpassword.
Comment 2 Bernd Wurst 2005-06-06 03:17:23 UTC
I would like to add, that you can supply a use-flag named "noauthcram" in newest
qmail ebuilds. If this flag is supplied, cmd5checkpw really should not be installed!
Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-10 14:25:53 UTC
The problem with this is, that if the user decides to enable the corresponding
options in conf-smtpd (cmd5checkpw), things will break. Can this be tollerated?
Comment 4 Bernd Wurst 2005-08-11 08:28:40 UTC
I obviously would say yes. ;-)

What about a "big fat warning" insde the configfile?
Comment 5 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-11 09:55:26 UTC
Sounds good. I'll implement this.
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-14 04:02:19 UTC
Done in CVS. Can you please check wether it's what you meant?
Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-09-11 14:27:27 UTC
No response in a month, closing.