[exim] A proper way to authenticate users against login name…

Top Page
Delete this message
Reply to this message
Author: Timo Neuvonen
Date:  
To: exim-users
Subject: [exim] A proper way to authenticate users against login names/passwords
A couple of years ago when I for the very first time tried it, I didn't get
Exim's user authentication working without using a 3rd party piece of
software. Then I found an 'authcheck' program that has been working well so
far. I think the problem was because Exim is running as a non-root user
(which is a must).

So, I'm checking user names against regular user login names and passwords,
not from a separate database.

Now, after upgrading to a newer platform (FC5), I've started getting
messages like this:
authcheck: Deprecated pam_stack module called from service "exim"

Obviously, this is not Exim's fault but of the possibly old-stylish code of
the authcheck utility. Anyway, now I'm wondering which way would be a
correct way to authenticate the users, obviously the method I'm using now
will stop functioning some day.

Currently, my authenticators have the following lines:

# server_condition = "${if pam{$2:$3}{yes}{no}}"
server_condition = ${run{"/usr/exim/bin/authcheck" $2 $3}{yes}{no}}
server_set_id = $2


The commented-out line above is obviously the way I've tried at first, but
it didn't work. 'authcheck' is is an external suid-to-root executable, that
works so far.

I think I've found the authcheck source from
http://www.stormbirds.org/authcheck.cxx
but now the whole site does not work, so I don't know if there is an updated
version.

I'm using Exim 4.60.

How are you others doing this?

--
TiN