[Exim] SMTP Authentication success on Red hat 7.2 w/ PAM

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Mark Lehrer
Data:  
Para: exim-users
Asunto: [Exim] SMTP Authentication success on Red hat 7.2 w/ PAM
In the hopes of saving a future mailing list archive searcher some
time, here is what I had to do to get basic authentication to work.
It was actually fairly simple, but the documentation is scattered all
over. I think Debian should be similar (whatever happened to LSB?).

The method I'm using here is LOGIN (aka NT LOGIN). The exim version
I'm using is 3.33. I believe this is the easiest one to coax into
working; the others will be easier once you get this method going.


Step 1: make sure you have the authentication compiled into the server.

This is the part that is already documented reasonably well. In
Local/Makefile, make sure you have this. Rebuild & make install if
you didn't.

AUTH_CRAM_MD5=yes
AUTH_PLAINTEXT=yes

Step 2: Add the rule to your /usr/exim/configure file. How about
including some examples in the default config file, or a contrib area.
I realize that there are a zillion different ways to do these but that
is the key reason why some examples would be helpful.

Here is what mine looks like:

# There are no authenticator specifications in this default configuration file.

login:
driver=plaintext
public_name=LOGIN
server_condition="${if pam{$1:$2}{1}{0}}"
server_prompts="Username:: : Password::"
server_set_id=$1


Step 3: PAM configuration. You need an /etc/pam.d/exim file. Mine
was simply copied from Courier IMAP's configuration, which I'm sure
was just copied from some other program in the past. It looks like
this:

# This is a sample authpam configuration file that uses pam_stack
# (circa linux-pam 0.72).

auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth



That's it! Once I got these in place, it magically worked with
Evolution's nifty authentication auto-detection, and I was able to
relay from anywhere (host_auth_accept_relay = *).

Good luck,
Mark