Re: [exim] Re: SMTP Authentication out of the box

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMRon McKeating at <-
MMTommy Butler at ->
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: Exim-Users (E-mail)
Subject: Re: [exim] Re: SMTP Authentication out of the box
On 2004-12-17 Ron McKeating <R.J.Mckeating@???> wrote:
> On Thu, 2004-12-16 at 18:49, Andreas Metzler wrote:
>> David Woodhouse <dwmw2@???> wrote:
>>> On Thu, 2004-12-16 at 16:26 +0000, Ron McKeating wrote:
>>>> Not sure why anyone would want to bother to set up the sasl authd when
>>>> pam comes with fedora and works out of the box with minimal config.
>>>> There is no need for pam_exim any longer.

>>> For users whose password is in /etc/shadow? What am I missing?

>> Quote from Wiki:
>> | Also I have exim run as group exim this group needs read access on
>> |
>> | /etc/shadow
[...]
>> * <chgrp exim /etc/shadow> This will break vlock, chage, and other
>> SGID shadow stuff.
> This is what we do and we seem to be living with it ok. I know it is not
> perfect but we simply MUST have authenticated SMTP.
[...]

Hello,
You are free to break this on your own systems but I am unhappy to
advertise this in the Wiki as "the zero-problems, simple solution":
| So no need for sassl authd or pam_exim or anything else, it all just
| works.

> It is a compromise I know but if anybody has a better solution I am
> happy to listen. And no I am not going down the sasl authd route.

If you are opposed to saslauthd (which _is_ the most simple proper
solution for this problem on any Linux-distribution including a
packaged version of saslauthd) you could simply mirror the required
lines (and columns) of /etc/shadow to /etc/exim/smtp-pass with a
cronjob and use a simple lsearch instead of pam.

rm -f /etc/exim/smtp-pass.new &&\
touch /etc/exim/smtp-pass.new &&\
chmod 0600 /etc/exim/smtp-pass.new &&\
cat /etc/shadow | grep '^[^:][^:]*:[^:][^:][^:][^:][^:][^:][^:]*:' |\
grep -v ^root | cut -f 1-2 -d: > /etc/exim/smtp-pass.new &&\
chmod 0400 /etc/exim/smtp-pass.new &&\
chown exim:exim /etc/exim/smtp-pass.new &&\
mv /etc/exim/smtp-pass.new /etc/exim/smtp-pass 

Using tempfile(1) instead of hardcoding smtp-pass.new might be better,
but I've no idea how widespread tempfile(1) is today.
                cu andreas
-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] MBX Driver - on non MBX fileRe: [exim] PostINI and TLS - SMTP Transport errors->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)