Re: [Exim] Exim and PAM, again

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [Exim] Exim and PAM, again
On 2000-09-13 at 15:00 +0100, Nigel Metheringham gifted us with:
> I think, although I would like confirmation of this, that its
> impossible to use PAM with exim on most shadow password based systems,
> because exim mostly runs as non-root (unless your configuration does
> otherwise) and you cannot see into shadow password files as non-root.
> [RH has a helper to get round that *but* it only works for checking the
> password related to the UID that you are currently running as]


Depends - are you trying to get Exim to authenticate using the account
system password? If so, doesn't unauthenticated use, if tried,
immediately compromise the account if you allow normal logins with
passwords (eg, via SSH)?

According to:
<http://www.kernel.org/pub/linux/libs/pam/modules.html>
there's a module:
pam_pwdfile
Charl Botha has written an auth service PAM module that can be
pointed at any username:crypted_password file so that separate sets
of passwords can be had for different services on the same machine.

link: <http://cpbotha.net/pam_pwdfile.html>

Does this help at all?
--
A science is said to be useful if its development tends to accentuate the
existing inequalities in the distribution of wealth, or more directly promotes
the destruction of human life - Godfrey Hardy, A Mathematician's Apology, 1941