Re: [Exim] Accessing virtual accounts

Top Page
Delete this message
Reply to this message
Author: Bradford Carpenter
Date:  
To: exim-users
Subject: Re: [Exim] Accessing virtual accounts
On Thu, 22 Jan 2004 10:12:01 -0500, Stephen Gran wrote:
> PAM has a rather large number of plugins that can help in this
> situation. It depends on how you want to do it - I use LDAP, some
> people use a database backend, some people just use a flat file, if the
> number of users is small. There are pam modules for each of these, as I
> understand it. pam_unix (the module that authenticates against a unix
> account) is only one way of many to authenticate users.


I'd looked through the PAM documentation, and it does seem as if this
should allow authentication without an account. What I can't find in
the documentation, however, is how to set up new users and passwords.
Where does PAM look for usernames and their passwords? A simple flat
file is sufficient for my needs.

On top of this, Apple seems to have customized their PAM setup, which
complicates things. There is no pam.conf file anywhere. My PAM service
file for pop3 (borrowed from the ftp one) looks like

auth       sufficient     pam_securityserver.so
auth       required       pam_deny.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so


"pam_securityserver.so" seems to be an Apple invention; it's not listed
among the PAM modules in the PAM docs. So I'm in need of yet further
documentation. The only PAM modules I have available are:

pam_deny.so
pam_netinfo.so
pam_nologin.so
pam_permit.so
pam_rootok.so
pam_securetty.so
pam_securityserver.so
pam_unix.so
pam_uwtmp.so
pam_wheel.so

> Hope that helps some.


Yes, it does actually, thank you very much. PAM seems to be the
mechanism I need, I'm just a bit short on facts to get it working.

Best Regards,
Brad