|
Hylafax Mailing List Archives
|
[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
[hylafax-users] some general security hints?
Hello,
I have my fax server being used by a software developer (not connected to
faxing activities) and I wanted to tighten a bit the security level of the
hylafax server.
I have read the hosts.hfaxd man page, and features described there work
nicely for me. Since my software starts sendfax automatically when needed, I
can't enter the password manually everytime it's started. I haven't found a
way to provide the password to sendfax via the command line, so for the time
being I'm stuck with no passwords, just user@host regular expressions
matching.
Now if I say that ^root@localhost$ is allowed to access hfaxd without a
password, this can be circumvented by anyone on the local machine by:
[aa@myhost aa]$ telnet localhost 4559
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 myhost server (HylaFAX (tm) Version 4.1.8) ready.
USER root
230 User root logged in.
("aa" being the untrusted user). Is there a way to make hfaxd authenticate
against an identd (113/tcp) username rather than against the one delivered
in protocol? I could do it with tcp_wrappers, but I don't know how to wrap
hfaxd. Any hints?
regards,
Michal Rok
____________________ HylaFAX(tm) Users Mailing List _______________________
To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
*To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*
