Re: [Exim] SMTP AUTH with PAM on Debian/Woody (howto?)

Author: Andreas Metzler
Date:  
To: Exim User Group
CC: Andreas Metzler
Subject: Re: [Exim] SMTP AUTH with PAM on Debian/Woody (howto?)
On Sun, Mar 02, 2003 at 10:39:39AM +0530, Suresh Ramasubramanian wrote:
> At 04:14 PM 3/1/2003 +0100, MaX wrote:
> >Resuming:
> >I know that exim must run as root, so at the moment
> >(in a testing server) I have put in /etc/inet.conf:


> No need - you can typically compile exim to run as mailnull:mail ...


Hello,
Not if you want to use PAM on Linux (using the pam_unix-module) - if
you are not running as root you are only allowed to check your own
password.
[...]
> Sometimes doesn't work - you need a copy of the master.passwd file or
> similar in your exim directory, chowned to the user and group ids exim runs
> as.


That's the KISS solution - don't use PAM, use the files directly
instead. ;-)

With eximv4 you could use a helper binary that runs as root to use PAM
to check the password:

    server_condition = "${run {/usr/lib/exim4/check_user $2 $3} {1}{0}}"

but passing along sensitive information (the password) as argument to
a command is something you don't want to do. - Anybody can see it,
using "ps auxw".

Does anybody know how to pass information to stdin of the program
invoked with ${run} instead?
              thanks, cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurl fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
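
The exposure described in the message above, as an added example that is not part of the original post and is not Exim or Debian code: the same helper is started once with the credentials as arguments and once with them written to its stdin, and each time the parent reads back what the process table shows. It assumes Linux with a readable /proc; the credentials are constructed samples and the child is a hypothetical stand-in for a helper like check_user that makes no PAM call.

```python
import subprocess
import sys

# Constructed sample credentials, not taken from the original message.
USER, PASSWORD = "alice", "s3cret-example"

# Hypothetical stand-in for a root helper: it takes the credentials from argv
# if present, otherwise from stdin, then waits for stdin to be closed so the
# parent can inspect it while it is still running. No PAM call is made.
CHILD = (
    "import sys\n"
    "creds = sys.argv[1:3] or sys.stdin.read().split('\\n')[:2]\n"
    "sys.stdin.read()\n"
    "sys.exit(0 if len(creds) == 2 and all(creds) else 1)\n"
)


def visible_argv(pid):
    """Return the argument vector that ps reads for `pid` from /proc."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode() for a in f.read().split(b"\0") if a]


def run_helper(creds_in_argv):
    """Start the helper, snapshot its visible argv, return (argv, exit code)."""
    argv = [sys.executable, "-c", CHILD]
    if creds_in_argv:
        argv += [USER, PASSWORD]  # same shape as ${run {helper $2 $3}}
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        if not creds_in_argv:
            # Credentials travel over the pipe and never enter the process table.
            proc.stdin.write(f"{USER}\n{PASSWORD}\n".encode())
            proc.stdin.flush()
        seen = visible_argv(proc.pid)  # child is still blocked on stdin here
    finally:
        proc.stdin.close()
        proc.wait()
    return seen, proc.returncode


if __name__ == "__main__":
    for mode in (True, False):
        seen, rc = run_helper(mode)
        label = "argv " if mode else "stdin"
        print(f"{label}: exit={rc} password visible in ps: {PASSWORD in seen}")
```
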