[Exim] Re: smtp authentication

Author: Derrick 'dman' Hudson
Date:  
To: exim-users
Subject: [Exim] Re: smtp authentication
--
On Tue, Jul 23, 2002 at 09:10:19AM +0100, Matt Bernstein wrote:
| At 10:07 +1000 Mitchell Smith wrote:
|
| >I am trying to authenticate from the /etc/shadow file via PAM.
[snip]
| Ahh.. are you using shadow passwords, which Exim can't read as it's not
| running as root?
|
| Someone made a pam_exim module (google for it), which might help, or (if
| you're feeling nice and insecure or just want to prove this is what bit
| you) you could stick the exim (or mail or whatever Debian call it) user a
| member of a group which can read /etc/shadow.
|
| Any good?


Nope. It's been tried before. Search the debian-user archives; a
group of us were messing with this several weeks back. Someone tried
the 'shadow'-as-secondary-group-for-'mail' trick and said it didn't
work. However, making 'mail' the owner of /etc/shadow works. My
guess was that exim wasn't picking up secondary groups at the time it
did the pam check.

Of course, if you use pam_ldap or pam_pwdfile then this issue goes
away.

Philip:
    Could this be mentioned in the spec -- if you use shadow passwords
    (via pam) then the exim user needs permission to read
    /etc/shadow

    Does exim pick up secondary groups before checking authentication?


-D

--
Do not be afraid of those who kill the body but cannot kill the soul.
Rather be afraid of the One who can destroy both soul and body in hell.
        Matthew 10:28


http://dman.ddts.net/~dman/
--
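An added example, not part of the original message or of Exim: one way to check the open question about secondary groups is to compare the credentials a running process actually holds (from Linux `/proc/<pid>/status`) with the owner, group and mode of `/etc/shadow`. The numeric ids in the sample data are constructed, and the check assumes plain mode bits with no ACLs.

```python
import os
import stat
import sys

# Constructed /proc/<pid>/status excerpts; uid/gid 8 stands in for "mail"
# and gid 42 for "shadow" (sample values, not taken from the thread).
STATUS_NO_SUPP = "Name:\texim\nUid:\t8\t8\t8\t8\nGid:\t8\t8\t8\t8\nGroups:\t\n"
STATUS_WITH_SUPP = "Name:\texim\nUid:\t8\t8\t8\t8\nGid:\t8\t8\t8\t8\nGroups:\t8 42\n"


def parse_creds(status_text):
    """Return (fsuid, fsgid, supplementary gids) from /proc/<pid>/status text."""
    fields = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields[key] = value.split()
    # Uid:/Gid: columns are real, effective, saved, filesystem; Linux checks
    # file access against the filesystem ids (normally equal to effective).
    supplementary = {int(g) for g in fields.get("Groups", [])}
    return int(fields["Uid"][3]), int(fields["Gid"][3]), supplementary


def can_read(creds, owner, group, mode):
    """Classic owner/group/other read check; ACLs and capabilities other
    than "uid 0 reads everything" are ignored (simplifying assumption)."""
    uid, gid, groups = creds
    if uid == 0:
        return True
    if uid == owner:                      # owner class wins, even if its bit is off
        return bool(mode & stat.S_IRUSR)
    if group == gid or group in groups:   # primary or supplementary group
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


if __name__ == "__main__":
    # Usage: script.py <pid of the running daemon> [path, default /etc/shadow]
    pid = sys.argv[1]
    path = sys.argv[2] if len(sys.argv) > 2 else "/etc/shadow"
    with open(f"/proc/{pid}/status") as fh:
        creds = parse_creds(fh.read())
    st = os.stat(path)
    print("uid=%d gid=%d groups=%s" % (creds[0], creds[1], sorted(creds[2])))
    print(path, "readable by that process:",
          can_read(creds, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)))
```

An empty `Groups:` line for the daemon while the group database lists its user as a member of the file's group means the membership never reached the process, which is the situation guessed at in the message.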