search for: myrootpassword

...osenPlainText=gotcha So there is not such direct way to extract a secret as it was made possible in an attack like CRIME, but yet it may theoretically be possible to get out something useful, or wouldn't it? So I could be stupid and have a log format in Apache httpd which is like: <date> myrootpassword=iamdumb <request URI> Now in the above scenario and attacker that could eavesdrop our log collector's connections, could also make arbitrary requests to our company's webserver, thereby change places chosen plaintexts <request URI> and by the compression deduce the password....

...$recipient -- mechanisms on localhost -- -- end of saslfinger output -- ==================================================== content of /etc/pam.d/smtp : #%PAM-1.0 auth include system-auth account include system-auth What's working well: testsaslauthd -u root -p <myrootpassword> -s smtp 0: OK "Success." I don't know what's going on - it seems that testsaslauthd doesn't lookup the user 'testomat' in /etc/sasldb2 Have you got an idea? - Thanks in advance Regards Michael