[CentOS] Need help in securing maildir so that root user should not be able to read any other user's mail

Sun Mar 18 21:09:35 UTC 2007
Andreas Rogge <arogge at gmx.de>

On Monday, 19.03.2007, 05:40 +0900, John Summerfield wrote:
> You can authenticate against AD.
> 
> In principle you could use standard LDAP tools to extract the info and 
> insert it into openldap, but I don't know about passwords, and probably 
> you will want to keep AD anyway.
> 

AD is more or less LDAP + Kerberos 5.
You can always use nss_winbindd or nss_ldap (which requires MSSFU schema
extensions in the AD) + pam_krb5 or even a kerberized mailserver to do
authentication.
In fact you can even forget the nss-stuff if you use a mailserver that
doesn't require users to have a system account (e.g. cyrus-imapd).

You *cannot* forbid root to do anything. And if you could you wouldn't
want to do it.
The only way I could think of is encrypting the mailstore with the user's
password, but if a user forgets his password you're lost.

kind regards,
Andreas Rogge

