Re: [exim] Re: SMTP Authentication out of the box

Author: Ron McKeating
Date:  
To: Andreas Metzler
CC: Exim-Users (E-mail)
Subject: Re: [exim] Re: SMTP Authentication out of the box
On Thu, 2004-12-16 at 18:49, Andreas Metzler wrote:
> David Woodhouse <dwmw2@???> wrote:
> > On Thu, 2004-12-16 at 16:26 +0000, Ron McKeating wrote:
> >> Not sure why anyone would want to bother to set up the sasl authd when
> >> pam comes with fedora and works out of the box with minimal config.
> >> There is no need for pam_exim any longer.
>
> > For users whose password is in /etc/shadow? What am I missing?
>
> Quote from Wiki:
> | Also I have exim run as group exim this group needs read access on
> |
> | /etc/shadow
>
> Ron how do you propose to do this?
>
> * <chmod a+r /etc/shadow>? Ouch, why did I choose shadow-passwords in
> the first place?
> * <chgrp exim /etc/shadow> This will break vlock, chage, and other
> SGID shadow stuff.

This is what we do and we seem to be living with it ok. I know it is not
perfect but we simply MUST have authenticated SMTP. It is a compromise I
know but if anybody has a better solution I am happy to listen. And no I
am not going down the sasl authd route.

> * Run exim under group shadow? Does not sound too good to me either,
> exim/user group should be unprivileged ones to contain damage in
> case of compromise.
>
>                 cu andreas
> -- 
> "See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
> fuhggvat qbja gur juveyvat tha.
> Neal Stephenson in "Snow Crash"
>                                            http://downhill.aus.cc/

--
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329
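
A defender's check for the three options weighed in this thread, as an added example that is not part of the original messages: it classifies a shadow file's mode and group owner against an MTA account's groups. The function names and verdict strings are hypothetical, and `audit_shadow` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and verdict strings
# are hypothetical; sample values in the usage line are constructed.

# has_read DIGIT: true if an octal permission digit includes the read bit.
has_read() {
    case $1 in 4|5|6|7) return 0 ;; *) return 1 ;; esac
}

# classify_shadow MODE FILE_GROUP MTA_PRIMARY_GROUP "MTA_ALL_GROUPS"
#   MODE            octal mode as printed by `stat -c %a` (e.g. 640)
#   FILE_GROUP      group owner of the shadow file
#   MTA_ALL_GROUPS  space-separated list as printed by `id -Gn`
classify_shadow() {
    mode=000$1 fgroup=$2 primary=$3 all=$4
    other=${mode#"${mode%?}"}          # last octal digit: "other" bits
    rest=${mode%?}
    group=${rest#"${rest%?}"}          # second-to-last digit: group bits

    if has_read "$other"; then
        echo WORLD_READABLE            # the `chmod a+r` option
    elif has_read "$group" && [ "$fgroup" = "$primary" ]; then
        echo MTA_GROUP_OWNS_FILE       # the `chgrp exim` option
    elif has_read "$group"; then
        case " $all " in
            *" $fgroup "*) echo MTA_IN_FILE_GROUP ;;  # MTA runs with group shadow
            *)             echo OK ;;                 # readable by another group only
        esac
    else
        echo OK                        # owner-only access
    fi
}

# audit_shadow FILE MTA_USER: classify a live system (GNU stat assumed).
# Usage: audit_shadow /etc/shadow exim
audit_shadow() {
    st=$(stat -c '%a %G' "$1") || return 2
    classify_shadow "${st%% *}" "${st#* }" "$(id -gn "$2")" "$(id -Gn "$2")"
}
```

Any verdict other than `OK` means a compromise of the MTA account, or of any local account in the world-readable case, exposes the password hashes.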