Author: Phil Pennock Date: To: samer khalil CC: exim-users Subject: Re: [exim] Exim with PAM
On 2008-06-18 at 17:27 +0300, samer khalil wrote: > Yet when i test exim i get the following error:
>
> *2008-06-18 17:10:45 login authenticator failed for (samerkPC) [
> 192.168.1.104]: 435 Unable to authenticate at present (set_id=samerk):
> Permission denied*
>
> Am i missing somehting, do you need me to post more details ?
Running "exim -d+auth" to get debugging information, with enhanced
details on authentication, would probably be informative.
Since you're using Kerberos and don't mention it, I take it that you've
created the server principal and put it somewhere that Exim will find it
(via PAM?) SMTP uses "smtp/" principals instead of the "host/"
principals normally used for authentication for PAM sign-in.
Eg, I run "ktutil -k /etc/kerberos/tabs/exim.keytab list" and see
principals for "smtp/smtp.spodhuis.org@???" with various
ciphers.
I use Cyrus SASL, not PAM; but on a Debian-derived system, I see a
man-page for pam_krb5(8) which mentions the optional "keytab" attribute.
You'd probably want to get an smtp principal into a file readable by
the Exim running process and tell PAM to use that file for Exim with the
keytab attribute.