Re: [exim] Exim with PAM

Top Page
Delete this message
Reply to this message
Author: samer khalil
Date:  
To: exim-users
Subject: Re: [exim] Exim with PAM
On Thu, Jun 19, 2008 at 12:57 AM, Phil Pennock <exim-users@???>
wrote:

> On 2008-06-18 at 17:27 +0300, samer khalil wrote:
> > Yet when i test exim i get the following error:
> >
> > *2008-06-18 17:10:45 login authenticator failed for (samerkPC) [
> > 192.168.1.104]: 435 Unable to authenticate at present (set_id=samerk):
> > Permission denied*
> >
> > Am i missing somehting, do you need me to post more details ?
>
> Running "exim -d+auth" to get debugging information, with enhanced
> details on authentication, would probably be informative.
>
> Since you're using Kerberos and don't mention it, I take it that you've
> created the server principal and put it somewhere that Exim will find it
> (via PAM?) SMTP uses "smtp/" principals instead of the "host/"
> principals normally used for authentication for PAM sign-in.
>
> Eg, I run "ktutil -k /etc/kerberos/tabs/exim.keytab list" and see
> principals for "smtp/smtp.spodhuis.org@??? <http://spodhuis.org/>"
> with various
> ciphers.
>


I did not mention kerberos because it is authenticating fine, in
log/messages i have:
*Jun 18 17:28:06 chill sendmail: pam_krb5[20284]: authentication succeeds
for 'samerk' (**samerk@???* <samerk@???>*)*

The problem was in the PAM conf, i had to to point the account to
pam_krb5.so
instead of pam_unix.so:
*account required /lib/security/pam_krb5.so

*It is kind of weird since it's working with pam_unix.so on a second server.

Thanks,
SK

-----------------------------------------------------------------
Samer Khalil
Computing & Networking Services     American University of Beirut
E-Mail:samerk@??? <E-Mail%3Asamerk@???>  Room:341
Phone:961-1-350000 / Ext:2242






> Regards,
> -Phil
>