Hi,
while I was reading the postings to this list (I was out of office
for a while, so there where any) I saw that a lot of people having
trouble with PAM. I'm actually thinking about implementing a daemon
like the pwcheck from the Cyrus sasl library, but I'm not shure if
their soultion is as good enough.
The pwcheck daemon reads username and password from a client over
a pipe and gives back an "OK" or "not OK". I'm not a experienced
programmer but I think this could be a bottleneck and a security
problem.
On the other hand this is small and simple. Could it be an option
to improve such a daemon (maybe the Cyrus one) to do the authentication
over PAM as a kind of proxy. The daemon runs under the uid 0 and
the client gives them the username and password and expects an "OK"
or "not OK". So exim could use this proxy as a non-root user.
Any ideas and comments are welcome.
cu
Jan
> thank you for insisting on the log message and the binary as such.
> the authentication works now. i had to comment out the directive :
>
> #never_users = root
>
> and add these :
>
> exim_user = root
> exim_group = mail
>
> the authentication didn't take place because exim was running with
> paranoid uid which isn't allowed to read the password files
>
> --
> -jens-ingo
> --
> - jens-ingo
>
> --
> please use PGP when replying to this message.
> PGP public key on public key servers and
> http://www.moving-art-studio.com/sendmail.html
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
--
_______________________________________________________________________
THE BEST RUN E-BUSINESSES RUN mySAP.com
_______________________________________________________________________
Jan Schreckenbach email: Jan.Schreckenbach@???
SAP AG Walldorf/Baden, Germany Phone: +49 6227 7-47474
LinuxLab Fax : +49 6227 78-31414
SAP LinuxLab support address: linux@???