Re: [Exim] SMTP AUTH with PAM on Debian/Woody (howto?)

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andreas Gietl
Date:  
À: Andreas Metzler, Exim User Group
CC: Andreas Metzler
Sujet: Re: [Exim] SMTP AUTH with PAM on Debian/Woody (howto?)
On Sunday 02 March 2003 10:43, Andreas Metzler wrote:

> With eximv4 you could use a helper binary that runs as root to use PAM
> to check the password
> server_condition = "${run {/usr/lib/exim4/check_user $2 $3} {1}{0}}"
> but passing along sensitive information (the password) as argument to
> a command is something you don't want to do. - Anybody can see it,
> using "ps auxw".


this is a hack that in my opinion is quite ineffective.
Why call a helper binary, that calls a pam-module, that calls again a helper
binary. By this way you need to have 2 binaries with suid-bit set.

So i think the best approach is just using a pam-modul. Since pam_exim is just
a modified pam_unix module it should be pretty secure, so there is actually
no need to use the helper binary approach. Except you don't want to compile
exim with pam-support.

>
> Does anybody know how to pass information to stdin of the program
> invoked with ${run} instead?
>               thanks, cu andreas
> --
> "See, I told you they'd listen to Reason," [SPOILER] Svfurl fnlf,
> fuhggvat qbja gur juveyvat tha.
> Neal Stephenson in "Snow Crash"

>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##


--
e-admin internet gmbh
Andreas Gietl                                            tel +49 941 3810884
Ludwig-Thoma-Strasse 35                      fax +49 89 244329104
93051 Regensburg                                  mobil +49 171 6070008


PGP/GPG-Key unter http://www.e-admin.de/gpg.html