[Exim] SMTP Auth against /etc/master.passwd on FreeBSD

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jez Hancock
Datum:  
To: Exim Users List
Betreff: [Exim] SMTP Auth against /etc/master.passwd on FreeBSD
Hi all,

I'm trying to configure ASMTP on Exim so that valid system user's can use ASMTP to send remote mail
via the server by authenticating against the system shadow password file, /etc/master.passwd.

I've followed the setup advised here:

http://marc.theaimsgroup.com/?l=exim-users&m=100541785920286&w=2

Placing an authenticator in my /usr/local/etc/exim/configure file like this:

--------------------------------------------------------------------------
######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################


# There are no authenticator specifications in this default configuration file.

begin authenticators

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if and {{!eq{$2}{}}{!eq{$3}{}} \
              {crypteq{$3}{${extract{1}{:} \
{${lookup{$2}lsearch{/etc/master.passwd}{$value}{*:*}}}}}}}{1}{0}}"
  server_set_id = $2


login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if and {{!eq{$1}{}}{!eq{$2}{}} \
              {crypteq{$2}{${extract{1}{:} \
{${lookup{$1}lsearch{/etc/master.passwd}{$value}{*:*}}}}}}}{1}{0}}"
  server_set_id = $1


# End of Exim configuration file
--------------------------------------------------------------------------

However the user that exim runs as (mail) doesn't have perms to read the /etc/master.passwd
file resulting in predictable errors such as:

2003-04-21 20:12:20 login authenticator failed for 213-152-51-196.dsl.eclipse.net.uk (win2k01) [213.152.51.196]: 435 Unable to authenticate at present (set_id=munk): failed to open /etc/master.passwd for linear search: Permission denied (euid=26 egid=6)

in the exim mainlog, /var/log/exim/mainlog.

Can anyone suggest possible methods for allowing users to authenticate against the system pwd
database?

Right now I'm considering a potentially dangerous method - copying the /etc/master.passwd file to
a location that is readable only by the 'mail' user. I'd rather not do this for obvious reasons!

Thanks in advance,

Jez