Re: [Exim] exim 4.14 build PAM problems (fails for shadow pa…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Andreas Metzler
Dátum:  
Címzett: exim-users
CC: Josh Siegel, Hanasaki JiJi
Tárgy: Re: [Exim] exim 4.14 build PAM problems (fails for shadow passwd)
[Quoting fixed, could you please stop makling fullquotes]
On Sun, Mar 30, 2003 at 09:54:15AM -0800, Josh Siegel wrote:
> Hanasaki JiJi wrote:
>>Andreas Metzler wrote:

[pam_unix needs superuser permissions]
>>> You can work around this issue either by mirroring the passwords in
>>> another file that is accesible for mail:mail and use an lsearch lookup
>>> or you can try pam_exim.


>>searching for pam_exim brings up the following link.. following it leads
>>nowhere... not very encouraging for code that is going to be an
>>authentication module.


>>http://freshmeat.net/projects/pamexim/


http://www.e-admin.de/pam_exim/ was working when I last checked - less
than a month ago. :-(

>>anythoughts on an enhancement something like this:
>>    a new exim_auth program that runs as root
>>    exim is still rws of root
>>    exim spawns exim_auth at startup
>>    exim permanantly changes its runid to
>>        the id set in the make file
>>    also... how about the ability to set the id/group
>>        in the exim.conf file?


>>        AND


>>    a new compile time option to support courier imap
>>        running courier imap-ssl + exim + maildir
>>        courier already has an authdeamon


This functionality is basically already in there using
condition=${run}..., and it is very easy to use the check_user example
shipped in the source code of PAM for this example.
server_condition = "${run {/usr/lib/exim4/check_user $2 $3} {1}{0}}"

*But* passing along sensitive information (the password) as argument
to a command is something you don't want to do. - Anybody can see it,
using "ps auxw". So don't do that on a (not SE- or similar) Linux
system with user accounts.

>Take a look at:


> http://www.stormbirds.org/authcheck.cxx


The warning above applies to this one, too.
                   cu andreas