[exim] Inconsistency authentication mech use in pam-mysq…

Author: sam
Date:  
To: exim-users
Subject: [exim] Inconsistency authentication mech use in pam-mysql and exim4.
Hi,

I installed Exim4, MySQL40, PAM-MYSQL, Cyrus-SASL2,
Cyrus-SASL2-SASLAUTHD and Cyrus-IMAP22 in FreeBSD5.3.
I have verified that each login authentication is handled by
pam-mysql and goes through the user credentials stored in the MySQL
database. However, SMTP authentication seems to be using a different
authentication mech which is not supported by pam-mysql. The error when
sending email is:

2004-10-18 23:23:37 no host name found for IP address 192.168.4.235
2004-10-18 23:23:37 cram authenticator failed for ([192.168.4.235]) [192.168.4.235]: 435 Unable to authenticate at present (set_id=postmaster): lookup of "select clear from passwd where email = 'postmaster' and clear != '' and smtp = 'yes'" gave DEFER: MYSQL connection failed: Host 'localhost.myserver.com' is not allowed to connect to this MySQL server


As you can see, the error indicates the authentication is using cram.
But pam-mysql is only able to handle plaintext, crypt and mysql
encryption. As far as I know, cram is md5, which is not included in
pam-mysql. If this is not correct, can anyone show me a way to define a
consistent authentication mech in pam-mysql and the exim configure file?
Please see below for the various configurations.

Your suggestion is highly appreciated.
Thanks
Sam

The /etc/pam.d/imap (and smtp) setup is:
auth required pam_mysql.so user=root passwd=mypass host=localhost db=maildb table=passwd usercolumn=name passwdcolumn=clear crypt=0 sqllog=1
account sufficient pam_mysql.so user=root passwd=mypass host=localhost db=maildb table=passwd usercolumn=name passwdcolumn=clear crypt=0 sqllog=1
auth sufficient pam_unix.so
account sufficient pam_unix.so

/usr/local/etc/imapd.conf config is:
lmtp_overquota_perm_failure: no
#lmtpsocket: /var/spool/imap/public/lmtp
normalizeuid: yes
partition-default: /var/spool/imap
poptimeout: 10
quotawarn: 90
reject8bit: no
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain login cram-md5 digest-md5
sievedir: /var/db/imap/sieve
sendmail: /usr/local/sbin/exim

exim/configure:
# MySQL database host/db/user/pass
hide mysql_servers = 127.0.0.1/maildb/root/mypass

# Domains & Names
primary_hostname = at.myserver.com

# Domains
# quote_mysql escapes the looked-up domain before it reaches the SQL string
domainlist local_domains = \
  ${lookup mysql {SELECT domain FROM domains \
    WHERE type="local" and domain="${quote_mysql:$domain}" }}
domainlist relay_to_domains = \
  ${lookup mysql {SELECT domain FROM domains \
    WHERE type="relay" }}


# Relaying
hostlist relay_from_hosts = 127.0.0.1
acl_smtp_rcpt = acl_check_rcpt
# qualify_domain = {primary_hostname}
# qualify_recipient = {primary_hostname}
# allow_domain_literals

# Never do _local_ delivery to these users.
never_users = root

# Name lookups
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 30s

begin acl

acl_check_rcpt:

  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.
  accept  hosts = :
  deny    local_parts   = ^.*[@%!/|]
  accept  local_parts   = postmaster
          domains       = +local_domains
  require verify        = sender
  accept  domains       = +local_domains
          endpass
          message       = unknown user 
          verify        = recipient
  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *

  deny    message       = relay not permitted



begin routers

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

mysql_sys_aliases:
  driver = redirect
  allow_fail
  allow_defer
  # quote_mysql escapes the address parts before they reach the SQL string
  data = ${lookup mysql{SELECT dest FROM aliases \
            WHERE email='${quote_mysql:$local_part}' AND \
            type="system"}}

mysql_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup mysql{ SELECT dest FROM aliases \
            WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}' AND \
            type="site"}}

mysql_user:
  driver = accept
  condition = ${lookup mysql{ SELECT home FROM passwd \
        WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}}
  retry_use_local_part
  transport = mysql_delivery


begin transports

remote_smtp:
  driver = smtp

mysql_delivery:
  driver = appendfile
  maildir_format
  # quote_mysql escapes the address parts before they reach the SQL string
  directory = \
    ${lookup mysql{SELECT maildir FROM passwd \
      WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}}
  user = \
    ${lookup mysql{SELECT uid FROM passwd \
      WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}}
  group = \
    ${lookup mysql{SELECT gid FROM passwd \
      WHERE email='${quote_mysql:$local_part}@${quote_mysql:$domain}'}}


begin authenticators

cram:
        driver = cram_md5
        public_name = CRAM-MD5
        server_secret = ${lookup mysql{select clear from passwd \
                where email = '${quote_mysql:$1}' \
                and clear != '' and smtp = 'yes'}}
        server_set_id = $1


plain:
        driver = plaintext
        public_name = PLAIN
        server_condition = ${lookup mysql{select count(*) from passwd \
                where email = '${quote_mysql:$2}' \
                and clear = '${quote_mysql:$3}' and clear != '' and smtp = 'yes'}}
        server_set_id = $2


login:
        driver = plaintext
        public_name = LOGIN
        server_prompts = Username:: : Password::
        server_condition = ${lookup mysql{select count(*) from passwd \
                where email = '${quote_mysql:$1}' \
                and clear = '${quote_mysql:$2}' and clear != '' and smtp = 'yes'}}
        server_set_id = $1
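
An added illustration, not part of the original post or of Exim or pam-mysql: the cram authenticator above reads the clear column itself because verifying a CRAM-MD5 response (RFC 2195) requires the shared secret, whereas PLAIN and LOGIN hand the password to the server, where it can be compared against a one-way hash. The function names, sample password and challenge are constructed, and PBKDF2 is used as a stand-in for a crypt()-style hash.

```python
import base64
import hashlib
import hmac

def cram_md5_response(username: str, password: str, challenge: bytes) -> bytes:
    """Client side: base64("<user> <hex HMAC-MD5(key=password, msg=challenge)>")."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode())

def verify_cram_md5(response_b64: bytes, challenge: bytes, lookup_secret) -> bool:
    """Server side: recompute the HMAC, which needs the secret exactly as the client has it."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # covers malformed base64 and non-UTF-8 payloads
        return False
    username, _, digest = decoded.rpartition(" ")
    secret = lookup_secret(username)
    if not secret:  # no such user, or an empty secret column
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def hash_password(password: str, salt: bytes) -> bytes:
    """Stand-in for a crypt()-style one-way hash (assumption: PBKDF2-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_plain(password: str, salt: bytes, stored: bytes) -> bool:
    """PLAIN/LOGIN: the server receives the password, so a stored hash is enough."""
    return hmac.compare_digest(hash_password(password, salt), stored)

# Constructed sample data
CLEAR = {"postmaster": "s3cret-example"}        # what a clear-text column holds
SALT = b"constructed-salt"
HASHED = {"postmaster": hash_password("s3cret-example", SALT).hex()}
CHALLENGE = b"<1896.697170952@at.myserver.com>"  # fresh per connection in practice

if __name__ == "__main__":
    resp = cram_md5_response("postmaster", "s3cret-example", CHALLENGE)
    print("CRAM-MD5 with clear-text column:", verify_cram_md5(resp, CHALLENGE, CLEAR.get))
    print("CRAM-MD5 with hashed column:   ", verify_cram_md5(resp, CHALLENGE, HASHED.get))
    print("PLAIN with hashed column:      ",
          verify_plain("s3cret-example", SALT, bytes.fromhex(HASHED["postmaster"])))
```
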