Hi all,
I'm trying to get authentication working with Exim 4. I've followed
some advice from Chris Lear, but I am still having issues.
I've tried both PAM and Courier Authdaemon issues, and the problems I
have are different.
PAM Steps and problems
When trying PAM, I have the following in my exim.conf:
plain:
driver = plaintext
public_name = PLAIN
server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
server_condition = "${if pam{$2:$3}{1}{0}}"
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_advertise_condition = "${if eq{$tls_cipher}{}{no}{yes}}"
server_prompts = "Username:: : Password::"
server_condition = "${if pam{$1:$2}{1}{0}}"
server_set_id = $1
When I try and send mail with that in my configuration file, my MUA
(Mail.app) keeps complaining that my password is wrong and asking me
for it again. I also see the following in the logs:
2005-09-23 16:38:18 plain authenticator failed for ([192.168.10.5])
[192.168.10.5]: 535 Incorrect authentication data (set_id=waynep)
If I change the user that exim runs as to root, I no longer get the
password failure on the Mac, I see the message arrive on the Gentoo
box, and I get this message in my log:
2005-09-23 16:32:37 1EIpXN-0007vu-Qk == anonymouslemming@???
R=send_to_gateway T=remote_smtp defer (-29): User 0 set for
remote_smtp transport is on the fixed_never_users list
The mail is then never sent onto my ISP.
From this, it looks to me like the mail user does not have
permission to authenticate against PAM, but Gentoo's exim is
configured to never allow root, even if I remove root from the
never_users list. Is this correct ?
Is there any way to allow a non-root user to authenticate against PAM ?
For reference, my /etc/pam.d/exim file is as follows:
auth required pam_unix.so shadow md5
account required pam_unix.so
Courier Authdaemon problems
When I try and use courier authdaemon, it doesn't seem to matter what
username and password I supply, the mail send just succeeds.
I am using the following in my authenticators when using authdaemon:
plain:
driver = plaintext
public_name = PLAIN
server_condition = \
${if eq {${readsocket{/usr/local/var/authdaemon/
socket}\
{AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n
$2\n$3\n}}}{FAIL\n} {no}{yes}}
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if eq {${readsocket{/usr/local/var/
authdaemon/socket} \
{AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n
$1\n$2\n}}}{FAIL\n} {no}{yes}}
server_set_id = $1
If anyone has any advice, I would be most grateful!
--
Wayne Pascoe (gpg --keyserver www.co.uk.pgp.net --recv-keys 79A7C870)
Look buddy, doesn't work is a strong statement.
Does it sit on the couch all day? Is it making faces
at you? Does it want more money? Please be specific!
