Re: [Exim] Exim and PAM, again

Author: Richard Mayhew
Date:  
To: Nigel Metheringham
CC: Christi Alice Scarborough, exim-users
Subject: Re: [Exim] Exim and PAM, again
I am using LDAP via PAM to authenticate my users.
I found that having the file 'other' with my defined information worked.
I did however have a copy of the 'other' file called exim. I have still to test
which of the 2 it uses.

As far as I can see, I don't see why PAM can't read shadow password
files as it runs as root as far as I understand it. I am running RH 6.2.

"""""
I think, although I would like confirmation of this, that it's
impossible to use PAM with exim on most shadow password based systems,
because exim mostly runs as non-root (unless your configuration does
otherwise) and you cannot see into shadow password files as non-root.
[RH has a helper to get round that *but* it only works for checking the
password related to the UID that you are currently running as]
""""""


At 03:12 PM 00/09/13, Nigel Metheringham wrote:

>splash@??? said:
> > use the file other :)
>
>um... you presumably have a lax system where other allows things to
>authenticate... this is my other file (stock RH 6.2)
>   #%PAM-1.0
>   auth     required       /lib/security/pam_deny.so
>   account  required       /lib/security/pam_deny.so
>   password required       /lib/security/pam_deny.so
>   session  required       /lib/security/pam_deny.so

>
>I'd suggest as a start copy /etc/pam.d/login -> /etc/pam.d/exim
>Then remove lines related to securetty, nologin & console (plus
>anything similar which is not going to be relevant to exim
>authentication). That should probably leave you with one line per
>access type (auth account password session), probably all the same -
>for example /lib/security/pam_pwdb.so
>
>If you just have a single /etc/pam.conf file do the same sort of thing
>but replicate the lines starting with login and then change the prefix
>to exim.
>
>         Nigel.

>
>--
>[ - Opinions expressed are personal and may not be shared by VData - ]
>[ Nigel Metheringham                  Nigel.Metheringham@??? ]
>[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]



Regards
Richard Mayhew

Unix / Security Administrator - M-Web Cape Town - CCSE
Tel:    (021) 918 8421
Fax:    (021) 918 8385
Cell:    0833018307
SMS:    0833018307@???
ICQ:    193458
Splash Radio: http://radio.splash.co.za:8000
http://www.mweb.co.za
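
An added example, not part of the original message or of Exim: a small Python check of the point this thread turns on, namely which PAM file applies to a service named exim (its own file, or the 'other' fallback) and whether that file denies everything as the stock RH 6.2 'other' quoted above does. The function names and the lax sample file are assumptions constructed for illustration.

```python
import os

# The stock RH 6.2 'other' file quoted in the thread.
STOCK_OTHER = """#%PAM-1.0
auth     required       /lib/security/pam_deny.so
account  required       /lib/security/pam_deny.so
password required       /lib/security/pam_deny.so
session  required       /lib/security/pam_deny.so
"""
# Constructed sample: a lax 'other' that lets any unnamed service authenticate.
LAX_OTHER = """#%PAM-1.0
auth     required       /lib/security/pam_pwdb.so
account  required       /lib/security/pam_pwdb.so
"""

def parse_pam(text):
    """Parse a pam.d-style file into {type: [(control, module_basename), ...]}."""
    stacks = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments, split off type
        if len(parts) < 2:
            continue
        mtype, rest = parts[0].lstrip("-"), parts[1].strip()
        if rest.startswith("["):      # bracketed control: [success=1 default=ignore]
            control, _, rest = rest.partition("]")
        else:
            control, *tail = rest.split(None, 1)
            rest = tail[0] if tail else ""
        module = rest.split()
        if module:
            entry = (control.strip("[]"), os.path.basename(module[0]))
            stacks.setdefault(mtype, []).append(entry)
    return stacks

def effective_file(pam_dir, service):
    """Linux-PAM reads <pam_dir>/<service> if it exists, otherwise 'other'."""
    path = os.path.join(pam_dir, service)
    return path if os.path.isfile(path) else os.path.join(pam_dir, "other")

def open_types(text):
    """Management types in the file with no required/requisite pam_deny.so."""
    return sorted(t for t, entries in parse_pam(text).items()
                  if not any(c in ("required", "requisite") and m == "pam_deny.so"
                             for c, m in entries))

if __name__ == "__main__":
    used = effective_file("/etc/pam.d", "exim")
    print("exim authenticates via:", used)
    if os.path.isfile(used):
        with open(used) as fh:
            print("types not locked to pam_deny:", open_types(fh.read()))
```

An empty list from `open_types` for 'other' means services without their own file cannot authenticate, which is the locked-down default the quoted stock file provides.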