On Sunday 02 March 2003 10:43, Andreas Metzler wrote:
> With eximv4 you could use a helper binary that runs as root to use PAM
> to check the password
> server_condition = "${run {/usr/lib/exim4/check_user $2 $3} {1}{0}}"
> but passing along sensitive information (the password) as argument to
> a command is something you don't want to do. - Anybody can see it,
> using "ps auxw".
This is a hack that in my opinion is quite ineffective.
Why call a helper binary that calls a pam-module that again calls a helper
binary? This way you need to have 2 binaries with the suid-bit set.
So I think the best approach is just using a pam-module. Since pam_exim is just
a modified pam_unix module it should be pretty secure, so there is actually
no need to use the helper binary approach, unless you don't want to compile
exim with pam-support.
>
> Does anybody know how to pass information to stdin of the program
> invoked with ${run} instead?
> thanks, cu andreas
> --
> "See, I told you they'd listen to Reason," [SPOILER] Svfurl fnlf,
> fuhggvat qbja gur juveyvat tha.
> Neal Stephenson in "Snow Crash"
>
--
e-admin internet gmbh
Andreas Gietl tel +49 941 3810884
Ludwig-Thoma-Strasse 35 fax +49 89 244329104
93051 Regensburg mobil +49 171 6070008
PGP/GPG-Key unter
http://www.e-admin.de/gpg.html
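
The exposure described in the quoted message (a password passed as a command argument is readable through "ps auxw"), shown next to the stdin alternative, as an added example that is not part of the original thread. It assumes Linux with /proc mounted; the helper is a hypothetical stand-in that only waits on stdin, the credentials are constructed, and it does not show how exim's ${run} would feed stdin.

```python
import subprocess
import sys
import time
from pathlib import Path

# Constructed sample credentials (not from the original post).
USER = "alice"
PASSWORD = "constructed-s3cret"

# Hypothetical stand-in for a password-checking helper: it just blocks
# until stdin reaches EOF, so the parent can inspect it while it is alive.
CHILD = "import sys; sys.stdin.read()"


def visible_cmdline(pid, timeout=2.0):
    """Return argv of `pid` as read from /proc/<pid>/cmdline (what ps shows)."""
    deadline = time.monotonic() + timeout
    while True:
        raw = Path(f"/proc/{pid}/cmdline").read_bytes()
        if raw or time.monotonic() > deadline:
            return [a.decode(errors="replace") for a in raw.split(b"\0") if a]
        time.sleep(0.01)  # exec still in progress; argv not published yet


def observe(extra_args, stdin_data=b""):
    """Run the helper with `extra_args`, feed `stdin_data`, return visible argv."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD, *extra_args],
                            stdin=subprocess.PIPE)
    try:
        proc.stdin.write(stdin_data)
        proc.stdin.flush()
        return visible_cmdline(proc.pid)
    finally:
        proc.stdin.close()
        proc.wait()


if __name__ == "__main__":
    via_argv = observe([USER, PASSWORD])
    via_stdin = observe([USER], PASSWORD.encode() + b"\n")
    print("argv :", via_argv, "-> password visible:", PASSWORD in via_argv)
    print("stdin:", via_stdin, "-> password visible:", PASSWORD in via_stdin)
```

In the stdin case the user name is still visible in the process list; only the password is kept out of it.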