On Thu, Jul 08, 2004 at 02:53:12PM +0200, Norman H. Azadian wrote:
> For exim3, FAQ 0037 says that PAM under Linux has a problem and that the
> fix involves patching the source. In the exim4 FAQ this is Q0029.
> According to this URL:
>
> http://jeremy.zawodny.com/blog/archives/000453.html
>
> the solution is as simple as inserting the lines
>
> exim_user=mail
> exim_group=shadow
>
> in /etc/exim/exim.conf. It worked for me, so if it works for others too
> then perhaps the FAQs should be updated, and maybe the documentation as
> well. I'm running Debian with exim3.36.

It works but it's a huge security hole. Exim is intended to run as a
non-privileged user for almost all of the time. What you are proposing
to do is have it have privileged access to crucial security information
*all* of the time, simply for the purposes of authentication (which exim
will only spend a tiny part of its total time doing). The result is
that a successful compromise of the Exim system can give someone direct
access to the system passwords.
--
Bruce
I unfortunately do not know how to turn cheese into gold.
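
Added example, not part of the original thread and not Exim project code: a small audit that reads the main section of an Exim configuration and reports when `exim_group` is a group that can read the shadow file, which is the setting the reply objects to. The function names, the `SAMPLE` string and the Debian-style `root:shadow` mode 0640 layout are assumptions made for the example.

```python
import grp, os, re, stat, sys

OPTION = re.compile(r"^\s*(exim_user|exim_group)\s*=\s*(\S+)")

# Constructed sample: the two lines proposed in the thread.
SAMPLE = "exim_user=mail\nexim_group=shadow\n"

def parse_identity(config_text):
    """Return exim_user/exim_group as set in the main section of the config."""
    found = {}
    for line in config_text.splitlines():
        word = line.strip()
        # The main section stops at "end" (Exim 3) or the first "begin" (Exim 4).
        if word == "end" or word.startswith("begin "):
            break
        m = OPTION.match(line)  # comment lines start with '#', so never match
        if m:
            found[m.group(1)] = m.group(2)  # a later setting overrides an earlier one
    return found

def shadow_reader_group(path="/etc/shadow"):
    """Name of the group allowed to read `path`, or None if not group-readable."""
    st = os.stat(path)
    if not st.st_mode & stat.S_IRGRP:
        return None
    try:
        return grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        return str(st.st_gid)  # gid without a name in the group database

def audit(config_text, reader_groups=("shadow",)):
    """List findings where Exim's permanent group can read the password hashes."""
    ident = parse_identity(config_text)
    group = ident.get("exim_group")
    findings = []
    if group in ("root", "0") or group in reader_groups:
        findings.append("exim_group=%s (exim_user=%s): Exim keeps read access to "
                        "the shadow file for its whole run time, not only while "
                        "authenticating" % (group, ident.get("exim_user", "unset")))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    try:
        name = shadow_reader_group()
        readers = {name} if name else set()
    except OSError:
        readers = {"shadow"}  # assumption: Debian layout, root:shadow 0640
    for finding in audit(text, readers):
        print("FINDING:", finding)
```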