Philip Hazel wrote:
>
> On Thu, 28 Mar 2002, Toshio Kumagai wrote:
>
> > Hi Philip and list,
> >
> > I found that Solaris PAM works if EXIM_USER is set to root.
> > On 3.x, I've left EXIM_UID blank, it worked well.
> > But on 4.x, I've set EXIM_USER to 6 (mail).
> > So, TLS credentials (files can be read only by root)
> > and PAM stopped working.
> > I understand that I have to run exim-4 with UID=0.
>
> This is the "standard" PAM problem. There have been a number of
> solutions posted, I seem to recall. I believe there is some helper
> module that can be used to allow PAM authentication by non-root callers.
> Someone else may be able to point you at it.
>
> I do not like the idea of running Exim (3 or 4) as root.
Yup.
But "running as root" is not so bad if the code has been
well-reviewed, IMHO.
Writing a PAM wrapper is pretty easy for us, but the wrapper
may introduce a vulnerability in the SMTP service based on EXIM.
Anyway, I have to say thank you for your help, Philip.
And I wish myself to be one of your help.
# Umm ... sorry for my terrible English ;-)
Regards, from Japan with cherry blossoms.
--
*** Save Solaris x86 ***
Toshio Kumagai TK2959 / TK127-AP
Toshio_Kumagai@???, Japan