[hylafax-users] some general security hints?

["Michal Rok" <mrok@xxxxxxxx>]

Hello,

I have my fax server being used by a software developer (not connected to
faxing activities) and I wanted to tighten a bit the security level of the
hylafax server.

I have read the hosts.hfaxd man page, and features described there work
nicely for me. Since my software starts sendfax automatically when needed, I
can't enter the password manually everytime it's started. I haven't found a
way to provide the password to sendfax via the command line, so for the time
being I'm stuck with no passwords, just user@host regular expressions
matching.

Now if I say that ^root@localhost$ is allowed to access hfaxd without a
password, this can be circumvented by anyone on the local machine by:

[aa@myhost aa]$ telnet localhost 4559
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 myhost server (HylaFAX (tm) Version 4.1.8) ready.
USER root
230 User root logged in.

("aa" being the untrusted user). Is there a way to make hfaxd authenticate
against an identd (113/tcp) username rather than against the one delivered
in protocol? I could do it with tcp_wrappers, but I don't know how to wrap
hfaxd. Any hints?


regards,

Michal Rok


____________________ HylaFAX(tm) Users Mailing List _______________________
  To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
 On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
  *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*