better PAM support (was: Re: [Exim] SMTP out with PAM authen…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Jan Schreckenbach
Date:  
À: exim-users
Sujet: better PAM support (was: Re: [Exim] SMTP out with PAM authentication, Debian)
Hi,

while I was reading the postings to this list (I was out of office
for a while, so there where any) I saw that a lot of people having
trouble with PAM. I'm actually thinking about implementing a daemon
like the pwcheck from the Cyrus sasl library, but I'm not shure if
their soultion is as good enough.
The pwcheck daemon reads username and password from a client over
a pipe and gives back an "OK" or "not OK". I'm not a experienced
programmer but I think this could be a bottleneck and a security
problem.
On the other hand this is small and simple. Could it be an option
to improve such a daemon (maybe the Cyrus one) to do the authentication
over PAM as a kind of proxy. The daemon runs under the uid 0 and
the client gives them the username and password and expects an "OK"
or "not OK". So exim could use this proxy as a non-root user.

Any ideas and comments are welcome.

cu
Jan

> thank you for insisting on the log message and the binary as such.
> the authentication works now. i had to comment out the directive :
>
> #never_users = root
>
> and add these :
>
> exim_user = root
> exim_group = mail
>
> the authentication didn't take place because exim was running with
> paranoid uid which isn't allowed to read the password files
>
> --
> -jens-ingo
> --
> - jens-ingo
>
> --
> please use PGP when replying to this message.
> PGP public key on public key servers and
> http://www.moving-art-studio.com/sendmail.html
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##


--
_______________________________________________________________________

THE BEST RUN E-BUSINESSES RUN mySAP.com
_______________________________________________________________________

Jan Schreckenbach                      email: Jan.Schreckenbach@???
SAP AG Walldorf/Baden, Germany         Phone: +49 6227  7-47474
LinuxLab                               Fax  : +49 6227 78-31414


SAP LinuxLab support address: linux@???