[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] neomail on RAQ02

Subject: Re: [cobalt-security] neomail on RAQ02
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
Date: Tue, 27 Nov 2001 23:34:01 -0500
Organization: Befriend Internet Services LLC
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

"Jeff Lasman" <jblists@xxxxxxxxxxxxx> wrote:
> Matthew Nuzum wrote:
>
> > Well, I don't use neomail myself, but if you want to restrict access to
> > user's of a particular site, you should be able to use one of the auth
> > mod's cobalt has built into apache.
>
> Hmmm... might work.  Can I put more than one group into the require
> line?

Yes, multiple groups (and/or users) can be specified.  See the require
directive in the 1.3 docs at apache.org.  This will allow you to limit which
sites can access neomail, but it won't prevent siteX users from logging into
neomail via siteY which will use siteY's bandwidth and append siteY's domain
to the user's from address.

> And if so, what do I need in the Authname line?

The AuthName directive just specifies the name of the realm which is
displayed in the login dialog box asking the client for the username and
password so you can put whatever you want in that line.

> neomail uses
> only one directory for all sites, so if I couldn't, I'd be limited to
> only one site (or I'd have to create a new group and manually put all
> the sites I wanted to be able to use neomail into it, and then hope that
> the cobalt sauce never writes over it.

Technically, neomail doesn't have any such limitation.  Taco's package adds
alias and scriptalias directives to the bottom of srm.conf which map the
/webmail and /neomail directories on all sites to the neomail files.  If you
want different behavior it's quite trivial to remove or uncomment those
lines from srm.conf, copy neomail to each site that you want to be able to
access neomail and restart Apache to make the changes live.  After each site
has its own copy of neomail you can add .htaccess files to limit access to
members of that site, modify the code of neomail to authenticate off a
different user list, etc. to get whatever desired functionality you require.
Before anyone asks, I'm not volunteering to hack neomail.  I once was a Perl
hacker (up to early 1999), but I rarely touch it these days, preferring PHP
(and a little C/C++) for web development.  You're more likely to catch me
modifying Squirrelmail (written in PHP), which BTW is a webmail program I
recommend for anyone looking at other webmail alternatives.

HTH,

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/

Follow-Ups:
- Re: [cobalt-security] neomail on RAQ02
  - From: Jeff Lasman

References:
- RE: [cobalt-security] neomail on RAQ02
  - From: Matthew Nuzum
- Re: [cobalt-security] neomail on RAQ02
  - From: Jeff Lasman

Prev by Date: RE: [cobalt-security] neomail on RAQ02
Next by Date: Re: [cobalt-security] neomail on RAQ02
Previous by thread: Re: [cobalt-security] neomail on RAQ02
Next by thread: Re: [cobalt-security] neomail on RAQ02

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index