Re: [Exim] help with Smtp_auth

Top Page
Delete this message
Reply to this message
Author: Phil Brutsche
Date:  
To: Mole
CC: exim-users@exim.org
Subject: Re: [Exim] help with Smtp_auth
A long time ago, in a galaxy far, far way, someone said...

> > [194.129.249.23]: 435 Unable to authenticate at present: Permission denied
>
> This sounds similar to the problem with PAM on Linux, which is in the
> FAQ:
>
> A0037: There is a problem using PAM on Linux with shadow passwords when the
>        calling program is not running as root. Exim is normally running as the
>        Exim user when authenticating a remote host. I don't know of an easy
>        resolution to this.


This is very true on any modern Unix system.

A number of ways to get around this:

1) Don't use system accounts for auth
2) Move system accounts to a mechanism Exim can query natively, like LDAP
3) Run Exim as root
4) Use a sort of "middle-man", such as RADIUS, to get around your problem.

One of the caveats to #4 is that Exim checks account information (to check
to see if the account has been disabled, or if there are time of day
restraints, or whatever) during the call to the pam{} expansion operator;
the pam_radius module (which Exim talks to the RADIUS server through) may
not be able to provide that.

- -- 
- ----------------------------------------------------------------------
Phil Brutsche                    pbrutsch@???


GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc