Re: [Exim] freebsd, auth, and pam

Author: Odhiambo G. Washington
Date:  
To: Eddie Irvine
CC: Exim Users
Subject: Re: [Exim] freebsd, auth, and pam
* Eddie Irvine <irvinee@???> [20020206 02:57]: wrote:
> Hi all,
>
> New to the list - but I have searched the archives.
>
> I want to use my passwd/nis database to authenticate
> users (maybe ldap later on).
>
> So, has anyone got the above to work? If so, can you post a
> copy of your config file?
>
> I'll gladly write up the info into a "how to".



On FreeBSD, exim will _never_ be able to read the master.passwd file unless
it runs as root user, which is obviously bad. I went around this with a flat
file (authtab) which contained username:encryptedpasswd entries. That file
is owned by exim and cannot be read by anyone else other than 'the root of
all troubles' ;-)
I add user accounts every few minutes (but they rarely use ASMTP) so I have
the authtab file regenerated every 1 hour.

That file is created using the makefile below:

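##Makefile#
# Each recipe line runs in its own shell, so umask has to sit on the
# same line as the redirect that creates the file.
authtab:
	@rm -f /etc/exim/authtab
	@umask 077; awk -F ":" '{if ($$3>999) {print $$1":"$$2}}' < /etc/master.passwd | grep -v "nobody:*" > $@
	@chmod 0600 $@
	@chown exim:mail $@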


After that, my authenticators (Exim-3.33) are:

plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if crypteq{$3}{${lookup{$2}lsearch{/etc/exim/authtab}{$value}}}{1}{0}}
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if crypteq{$2}{${lookup{$1}lsearch{/etc/exim/authtab}{$value}}}{1}{0}}
server_set_id = $1


Hope that helps.


-Wash

S y s t e m s A d m i n.

--
Odhiambo Washington  <wash@???>    "The box said 'Requires
Wananchi Online Ltd.  www.wananchi.com      Windows 95, NT, or better,'
Tel: 254 2 313985-9   Fax: 254 2 313922     so I installed FreeBSD."
GSM: 254 72 743 223   GSM: 254 733 744 121  This sig is McQ!  :-)


++
Finagle's First Law:
    If an experiment works, something has gone wrong.
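
The hourly rebuild described in the message above, as an added example that is not part of the original post: a shell function that writes the hash file under a restrictive umask and renames it into place, so the file is never readable by others or half-written while Exim looks it up. The function names, the extra filter on empty or `*` password fields, and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: rebuild an Exim authtab from a master.passwd-format file.
# build_authtab, demo and the sample data below are constructed for illustration.
# Usage on a real host (as root): build_authtab /etc/master.passwd /etc/exim/authtab

build_authtab() {
    src=$1 dst=$2
    (
        umask 077                       # covers every file created in this subshell
        tmp=$(mktemp "${dst}.XXXXXX") || exit 1
        # Keep uid > 999, drop "nobody", drop empty or '*'-prefixed password fields
        # (no usable hash, so nothing for crypteq to compare against).
        awk -F: '$3 > 999 && $1 != "nobody" && $2 != "" && $2 !~ /^\*/ { print $1 ":" $2 }' \
            "$src" > "$tmp" || { rm -f "$tmp"; exit 1; }
        chmod 0600 "$tmp"
        # On the real host: chown exim:mail "$tmp" here, before the rename.
        mv -f "$tmp" "$dst"             # same-directory rename: readers never see a partial file
    )
}

# Constructed sample in master.passwd layout:
# name:hash:uid:gid:class:change:expire:gecos:home:shell
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/master.passwd" <<'EOF'
root:$1$constructed$rootrootrootrootrootro:0:0::0:0:Charlie &:/root:/bin/csh
alice:$1$constructed$aaaaaaaaaaaaaaaaaaaaaa:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol::1003:1003::0:0:Carol:/home/carol:/bin/sh
nobody:$1$constructed$nnnnnnnnnnnnnnnnnnnnnn:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
EOF
    build_authtab "$dir/master.passwd" "$dir/authtab" || return 1
    echo "$dir"
}
```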