On Thu, 2004-07-29 at 01:20, Phil Jordan wrote:
> I've run tests (exim -d+expand -be) with exim both as root and as exim.
>
> (I'm running RH9 with PAM 0.75. I created a pam.d/exim file by hand
> modelled after the one used for IMAP on my system.)
>
> The test run as root succeeds, validating my authenticator code.
>
> The test run as exim fails.
>
> Before I give up on PAM and start looking at other options, can I double
> check if there's anything special I should be doing for my PAM config
> (pam.d/exim) please? According to the Exim docs PAM 0.72 and up should
> support checking from a non-root account so I had expected using PAM to
> work.
>
After input from Nathan and a few others I decided to try using it out
of the box on my FC2 box. It works fine. no problems, this is my exim
file in /etc/pam.d/
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_warn.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3
type=
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
And this is the plain authenticator I use.
plain:
driver=plaintext
public_name=PLAIN
server_prompts=:
server_condition=${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
server_set_id = $2
All works out of the box on FC2
Ron
> Thanks
>
> Phil Jordan
>
> On Wed Jul 28, 2004 at 2:26 am, Nathan Ollerenshaw wrote
>
> >On Jul 27, 2004, at 7:45 PM, Anand Buddhdev wrote:
>
> >> If Exim is not running as root, then, when using PAM, it is not able to
> >> read /etc/shadow, and so it cannot authenticate users. One work-around
> >> is to run exim as root, but that's a very bad idea. I prefer not to use
> >> PAM at all. There are other solutions to get SMTP authentication to
> >> work.
>
> >I just tested it under FC2 as a normal user.
> >
> >No problems using PAM here :)
> >
> >Nathan.
> >
> >--
> >Nathan Ollerenshaw - Unix Systems Engineer
> >ValueCommerce - http://www.valuecommerce.ne.jp/
>
>
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
--
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329