Re: [exim] Authentication using saslauthd <-> cyrus_sasl

Pàgina inicial
Delete this message
Reply to this message
Autor: Andreas Metzler
Data:  
A: exim-users
Assumpte: Re: [exim] Authentication using saslauthd <-> cyrus_sasl
Christian Schmidt <christian@???> wrote:
> what I've got here is not a real question, but more a problem in
> understanding the authentication mechanisms.


> I configured my exim (4.50 on Debian Sarge) to use salsauthd for
> authentication. The authenticator looks like this:


> sasl_plain:
> driver = plaintext
> public_name = PLAIN
> server_condition = ${if saslauthd{{$2}{$3}}{True}{False}}


> My saslauthd is configured to use PAM for authentication.
> This works fine.


> I first tried it using:


> sasl_cram_md5:
> driver = cyrus_sasl
> public_name = CRAM-MD5
> server_realm = server.linau.de
> server_set_id = $2


CRAM-MD5 requires that server knows the clear-text password. If you
are using PAM this probably not the case and therefore cannot work.

> sasl_plain:
> driver = cyrus_sasl
> public_name = PLAIN
> server_realm = server.linau.de
> server_set_id = $2


> This did not work. I always got an error "535 Incorrect authentication
> data".


<quote>
Where access to some kind of secret file is required, for example in
GSSAPI or CRAM-MD5, it is worth noting that the authenticator runs as
the Exim user, and that the Cyrus SASL library has no way of
escalating privileges by default. You may also find you need to set
environment variables, depending on the driver you are using.
<unquote>

I /guess/ this also applies to reading data from /etc/shadow.
               cu andreas
-- 
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal
vision of the emperor's, and its inclusion in this work does not constitute
tacit approval by the author or the publisher for any such projects,
howsoever undertaken.                                (c) Jasper Ffforde