Hello!
I'm running Exim4 on Debian (exim4-daemon-heavy) and am experiencing
problems with PAM-authentication.
Exim is configured like this:
,----------[ exim.conf ]----------
| begin authenticators
|
| plain:
| driver = plaintext
| public_name = PLAIN
| server_prompts = :
| server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
| server_set_id = $2
|
| login:
| driver = plaintext
| public_name = LOGIN
| server_prompts = "Username:: : Password::"
| server_condition = ${if pam{$1:${sg{$2}{:}{::}}}{yes}{no}}
| server_set_id = $1
`----------
And the corresponding PAM-configuration is as follows:
,----------[ /etc/pam.d/exim ]----------
| #%PAM-1.0
|
| # there are 3 ways to authenticate
| # 1) either have the appropriate dotfile-password (for shell-users)
| auth sufficient pam_dotfile.so no_warn
|
| # 2) be in the Database
| auth sufficient pam_mysql.so host=localhost user=mail passwd=secret db=configuration table=mailboxes \
| usercolumn=login passwdcolumn=password crypt=1 sqllog=0
|
| # 3) be in group "mailbox" or "webuser"
| auth required pam_listfile.so item=group sense=allow file=/etc/popgroups onerr=fail
| # to access shadow we need a special module here
| auth required pam_exim.so use_first_pass
| account required pam_permit.so
`----------
This worked beautifully with exim-4.20.
But after trying to upgrade to 4.30 (I believe already with 4.22, but
am not so sure on this), it doesn't work at all anymore.
I'll reproduce a typical login dialog to illustrate.
(Package versions: exim4-daemon-heavy_4.30-5, libpam-dotfile-0.6-4,
libpam-mysql-0.5.0-4, libmysqlclient12-4.0.16-2,
mysql-server-4.0.13-3; hope I didn't forget something relevant)
From the client perspective, it looks like this:
$ telnet ii-tech.biz 25
Trying 217.160.215.165...
Connected to ii-tech.biz.
Escape character is '^]'.
220 ii-tech.biz ESMTP Exim 4.30 Mon, 23 Feb 2004 11:08:32 +0100
ehlo testing
250-ii-tech.biz Hello p3e9e13c0.dip.t-dialin.net [62.158.19.192]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
auth plain AHRlc3RAd29zYy5kZQBjYWJvaGlwNA==
Connection closed by foreign host.
The auth string represents a user from the MySQL-DB with the correct
password. Same results for AUTH LOGIN method.
From the server perspective, the same conversation looks like this:
# sendmail -d -bd
[...]
19509 Running PAM authentication for user "test@???"
19506 child 19509 ended: status=0xb
or like this:
# sendmail -d -bh 1.2.3.4
[...]
Running PAM authentication for user "test@???"
Segmentation fault
Does anybody know what I'm looking at here?
Thanks for your help,
Wolfgang
