On Mon, Aug 09, 2004 at 01:44:30PM +0100, Phil Jordan said:
> 3. I guess I could get PAM working using SASL - but as things stand, I do not
> have saslauthd configured. The machine I am using is not mine - it is a
> dedicated server provided by a hosting company, and pre-loaded with a default
> configuration which I am progressively altering to suit my needs.
This is a good approach, if it works for you.
[snip pop/imap/webmail - orthogonal]
> 6. Re "breaking" the ability for the clients to route outside our network,
> this is because the ACL is only allowing "local" deliveries in the absence of
> successful SMTP auth.
Yes.
> 7. The problems that I am seeing are related solely to the absence of a
> working SMTP auth scheme at the moment. The idea of using virtual users
> arises from the desire to construct a working SMTP auth scheme, and also from
> the fact that the email users *already* have suitable authentication data
> stored within the database of the web portal software on my server, as they
> are already registered users of that system anyway. Long term I think going
> this way would reduce my administration overhead, at the cost of the effort
> required to install and configure the new software.
If you have a small userbase, it's easy enough to maintain a flat file,
and authenticate from there. You can just copy and paste the entries
from /etc/shadow into whatever file you use for this - it seems to work
here.
In my experience so far at least, trying to do straight PAM-based auth
has not worked with exim. I am using an LDAP lookup for users, but that
overhead may not be worth it to you.
You have said this is a hosted machine, so I am not sure how much access
to what you have - if you can read /etc/shadow, if you can install
slapd, etc. I suppose you could also write a short program that
attempts to authenticate to another service (POP/IMAP/whatever) and
exits with a return code that exim could then use to see if it succeeds.
Not quite sure about the syntax of the authenticator, though.
--
--------------------------------------------------------------------------
| Stephen Gran | You teach best what you most need to |
| steve@??? | learn. |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------