On Wed, Sep 13, 2000 at 03:00:17PM +0100, Nigel Metheringham wrote:
> I think, although I would like confirmation of this, that its
> impossible to use PAM with exim on most shadow password based systems,
> because exim mostly runs as non-root (unless your configuration does
> otherwise) and you cannot see into shadow password files as non-root.
> [RH has a helper to get round that *but* it only works for checking the
> password related to the UID that you are currently running as]
This would be kind of bizzare, and would seem to defeat the purpose of
PAM somewhat. That doesn't mean it's not true, however.
> BTW Am I right in thinking that CRAM-MD5 will be impossible to
> implement on systems where the clear text password is not available on
> the server in some form?
Yes, which makes it unsuitable for publically accessable systems, IMHO.
At least a man in the middle attack only gets one password at a time.
Christi
--
Christi Scarborough, Systems Administrator, FutureTV
http://www.futuretv.com/
FutureTV Labs Ltd, Brunswick House, 61-69 Newmarket Rd, Cambridge, CB5 8EG, UK
Tel: +44 (0)1223 576100 (switchboard) +44 (0)1223 478660 (direct line)