Re: [exim] Authentication for sending

Pàgina inicial
Delete this message
Reply to this message
Autor: Michael Johnson
Data:  
A: exim-users
Assumpte: Re: [exim] Authentication for sending
On Oct 21, 2004, at 1:47 PM, Giuliano Gavazzi wrote:

> At 12:11 pm -0400 2004/10/21, Michael Johnson wrote:
>> I just tried commenting out the pam lookup and uncommenting the
>> netinfo lookup. I get the response in the log that it doesn't know
>> what netinfo is:
>>
>> unknown lookup type "netinfo" inside "and{...}" condition
>>
>> I've temporarily gone back to using the file with the user : pass in
>> it, but I'd rather get it from the netinfo or pam. Is it possible
>> there was something during the configuration stage I messed up? A
>> particular switch in the Local/Makefile I should have switched? If
>> so, then what?
>>
>
> wait a second! The netinfo lookup support, I was not clear enough on
> that, is something I have written some time ago and that requires a
> patch to the exim source. It is now pretty useless, at least for
> passwords, as netinfo, in 10.3, does not return passwords (encrypted
> passwords I mean) anymore.


I forgot about that. Its all encrypted in a different location with a
one way encryption. It's pretty slick actually.

> In your case, if I recall correctly, you want to look up passwords for
> cram-md5, but in this case, I repeat, you need clear text passwords
> and I would NOT use netinfo to store those, as anyone who can gain
> access to the database would be able to read them.


So you're saying I can't use /etc/pam.d/exim to access the PAM
functions? I thought the idea behind using PAM was so you could keep
the encryption and have it be a translator as it were.

It seems I'm stuck using the old method of having a file with "user :
pass" and restricting it to chmod 400 with exim as the owner. Is there
no way to get the pam lookups working on OS X right now?

What I have, and it's not working at the moment, is this:

begin authenticators
fixed_cram:
         driver = cram_md5
         public_name = CRAM-MD5
         server_secret = ${if and        {\
                         {!eq{$1}{}}\
                         {!eq{$2}{}}\
                         {pam{$1:${sg{$2}{:}{::}}}}\
                                 }\
                 {yes}{no}}


        server_set_id = $1


Is there something specific in this setup which keeps it from
authenticating? This is basicaly the only PAM authenticator I've seen
in Googling, regardless of platform with only changes from the $1 and
$2 to being $2 and $3.

-Michael

---------------------------------------
Sometimes your joy is the source of your smile, but sometimes your
smile can be the source of your joy.

                    --Thich Nhat Hanh