add my name to the manpage sections AUTHORS and HISTORY and add on CAVEATS a little.

that endpwent() is not needed here.

remove a timeing a attack against users in the password database ie. if the user exists but is locked in some form the timing is longest for the strlen(pw->pw_passwd), for normal users the timing is medium near longest and for completely locked users (with passwd *) the timing is shortest...

(and reduce cpu cycles)

disabled in this commit that would cause a SIGVTALRM to go into a signal handler when a threshold of cpu time was used. May 14 10:37:31 orange popa3d[82360]: TLS multiplexer: parent of pid 35643 time used 8924 microseconds On my vps a session timeout uses arond 8 ms os CPU time, but this value is CPU dependent and not for all. I still think it's a worthy log.

set new auth dummy salt make the server really close everything after 2 minutes (alarm)

fixed strcpy() -> strlcpy(), strcat() -> strlcat() and fixed a return value of strdup().

doesn't work so I have it ifdef'ed out move struct sess to config.h

update the DESIGN to what it is today

get opened, there is a certain timing problem here right?

and then open the mailbox. popa3d doesn't use temporary files so I'm going to do this. chroot + pledge... even safer

authentication root shadow stage This way it's found easy in a ps

needed anymore.

and reports back whether a password was right or not is disassociated from the socketpair that writes back to the tls multiplexer, for this I use close, close, open, open, dup2...these calls have to succeed if not I don't care.

unveil()'ed of read-write to /dev/null otherwise the pty terminal is still open

pledge needs a flock here

implementation of popa3d