Re: [Exim] *simple* pam-/etc/passwd-/etc/shadow SMTP-AUTH?

Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [Exim] *simple* pam-/etc/passwd-/etc/shadow SMTP-AUTH?
On Mon, Jul 21, 2003 at 06:09:13PM -0700, Jeff Wiegley, Ph.D. wrote:
[...]
> 1) and most important: How can I get SMTP-AUTH working with the
>    "database" that I already have created called /etc/passwd and
>    /etc/shadow?  All of my users have login accounts and the last
>    thing I want to have to do is maintain and synchronize multiple
>    authentication databases.

[...]
> Would somebody please save me and tell me the *easiest* way
> to configure exim to do SMTP-AUTH against the information
> contained in the /etc/passwd and /etc/shadow files?


Replicate the information in /etc/exim4/passwd using something like
this cronjob:
*/10 * * * * chown root:mail /etc/exim4/passwd && chmod 0640 /etc/exim4/passwd && egrep -v '^root|^[^:]*:.:' /etc/shadow | cut -f1-2 -d: > /etc/exim4/passwd

and use the regular file lookups instead of PAM.

/Imho/ this _is_ the easiest way. Exim drops root privileges
before invoking the PAM code; you have to either replicate the
information or use an alternate PAM module instead of pam_unix. Search
with Google for pam_exim if you are choosing the second alternative.

[...]
> I'm totally wrong in thinking that this is probably the
> most used mechanism for SMTP-AUTH? Why is it so damn
> hard to get it working in all the MTAs I've tried?


I think you are wrong in thinking this is the most common setup;
larger installations won't have shell-users for every user and will
keep the passwords in LDAP or SQL databases. Additionally, one cannot
use /etc/shadow for CRAM-MD5 authentication; you need to know the
cleartext password for that.

> 2) (Yes I did say there were two questions) Why does exim
> take so long to send the 220 mail ESMTP greeting? exactly
> 30 seconds every time. That seems too long.


Either a DNS issue or you are firewalling identd in an insane way -
either don't run it at all or 'reject' instead of 'drop' (iptables
lingo) it.

> Bonus question: What's up with the /etc/exim4/conf.d directory
> setup in the Debian package?? Nothing in the exim specifications
> indicates anything other than a single flat exim configuration
> file. Did the Debian maintainer just complicate it for the
> sake of steepening the learning curve?


No, for easing upgrades and providing a way to interact with other
packages like exim-sa.
          cu andreas
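
Added example, not part of the original message: the cron line above truncates /etc/exim4/passwd in place, so a lookup that runs during the rewrite can see an empty or partial file. This sketch writes the filtered copy to a temporary file and renames it into place; the function name and its arguments are chosen here, and the filter goes slightly beyond the cron line's regex by matching the user "root" exactly and skipping any password field that is empty or starts with "!" or "*".

```sh
#!/bin/sh
# Added example: atomic replication of user:hash pairs from a shadow-format
# file, for use with Exim file lookups. Function name and arguments are
# chosen here; they are not part of Exim or of the original message.

# sync_exim_passwd SRC DEST [GROUP]
sync_exim_passwd() {
    src=$1 dest=$2 group=${3:-}
    # mktemp creates the file mode 0600 in DEST's directory, so the hashes
    # are never world-readable and the final rename stays on one filesystem.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    if ! awk -F: '
        $1 == "root"             { next }  # keep root out of SMTP AUTH
        $2 == "" || $2 ~ /^[!*]/ { next }  # empty, disabled or locked password
        { print $1 ":" $2 }
    ' "$src" > "$tmp"; then
        rm -f "$tmp"               # unreadable source: leave DEST untouched
        return 1
    fi

    # Fix group and mode before the file appears under its final name.
    if [ -n "$group" ]; then
        chgrp "$group" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    chmod 0640 "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}

if [ "$#" -ge 2 ]; then
    # e.g. as root from cron: <this script> /etc/shadow /etc/exim4/passwd mail
    sync_exim_passwd "$@"
else
    # No arguments: demo on constructed shadow-format data (placeholder hashes).
    d=$(mktemp -d) || exit 1
    printf '%s\n' \
        'root:$6$constructed$roothash:19000:0:99999:7:::' \
        'daemon:*:19000:0:99999:7:::' \
        'alice:$6$constructed$alicehash:19000:0:99999:7:::' \
        'bob:!$6$constructed$lockedhash:19000:0:99999:7:::' > "$d/shadow"
    sync_exim_passwd "$d/shadow" "$d/passwd" && cat "$d/passwd"
    rm -rf "$d"
fi
```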