On Oct 21, 2004, at 1:47 PM, Giuliano Gavazzi wrote:
> At 12:11 pm -0400 2004/10/21, Michael Johnson wrote:
>> I just tried commenting out the pam lookup and uncommenting the
>> netinfo lookup. I get the response in the log that it doesn't know
>> what netinfo is:
>>
>> unknown lookup type "netinfo" inside "and{...}" condition
>>
>> I've temporarily gone back to using the file with the user : pass in
>> it, but I'd rather get it from the netinfo or pam. Is it possible
>> there was something during the configuration stage I messed up? A
>> particular switch in the Local/Makefile I should have switched? If
>> so, then what?
>>
>
> wait a second! The netinfo lookup support, I was not clear enough on
> that, is something I have written some time ago and that requires a
> patch to the exim source. It is now pretty useless, at least for
> passwords, as netinfo, in 10.3, does not return passwords (encrypted
> passwords I mean) anymore.
I forgot about that. Its all encrypted in a different location with a
one way encryption. It's pretty slick actually.
> In your case, if I recall correctly, you want to look up passwords for
> cram-md5, but in this case, I repeat, you need clear text passwords
> and I would NOT use netinfo to store those, as anyone who can gain
> access to the database would be able to read them.
So you're saying I can't use /etc/pam.d/exim to access the PAM
functions? I thought the idea behind using PAM was so you could keep
the encryption and have it be a translator as it were.
It seems I'm stuck using the old method of having a file with "user :
pass" and restricting it to chmod 400 with exim as the owner. Is there
no way to get the pam lookups working on OS X right now?
What I have, and it's not working at the moment, is this:
begin authenticators
fixed_cram:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${if and {\
{!eq{$1}{}}\
{!eq{$2}{}}\
{pam{$1:${sg{$2}{:}{::}}}}\
}\
{yes}{no}}
server_set_id = $1
Is there something specific in this setup which keeps it from
authenticating? This is basicaly the only PAM authenticator I've seen
in Googling, regardless of platform with only changes from the $1 and
$2 to being $2 and $3.
-Michael
---------------------------------------
Sometimes your joy is the source of your smile, but sometimes your
smile can be the source of your joy.
--Thich Nhat Hanh