Re: [exim] Synchronising Authentication Between Servers

Author: Phil Pennock
Date:  
To: Colin
CC: exim-users
New-Topics: [exim] Backup mail server
Subject: Re: [exim] Synchronising Authentication Between Servers
On 2011-10-08 at 13:28 +0100, Colin wrote:
> email@???:$1$SgeC%ghWgjwRfksWFAKefgnl432GI74::
>
> (for reference I have made up most of the characters in the password
> string so it is not a valid password)
>
> I have then copied this to a Centos 6 server as /etc/exim/passwd. The
> server is running a fairly standard copy of Exim, but I don't seem to be
> able to get password authentication to work.
>
> I have dug up several guides, but they all seem to talk about using md5
> passwords or PAM into the system accounts. None of these accounts are or
> should be in the normal /etc/passwd.


For PAM, there's a "pam_pwdfile" module:
http://www.cpbotha.net/pam_pwdfile.html
which I've used in the past for software other than Exim. For that,
it's usercode:crypted format, so you'll need to lose the trailing empty
fields.

If you wish to remove PAM, note that Exim's crypteq{}{} expansion
condition will use the system crypt() routine (if the crypted content
does not start with an LDAP-style tag); most modern systems use that $1$
style crypt-tagging syntax for their native crypt() routine. So again,
if you remove those trailing colons, you can do this easily enough.

Then you'd have something like (untested):

auth_plain:
  driver        = plaintext
  public_name   = PLAIN
  server_advertise_condition = ${if def:tls_cipher}
  server_prompts        = :
  server_condition      = ${lookup{$auth2}lsearch{/etc/exim/passwd}\
                                {${if crypteq{$auth3}{$value}}} {false}}
  server_set_id         = ${quote:$auth2}


-Phil
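
The reply above says the trailing empty fields must be dropped before the file is usable as usercode:crypted. The following is an added example, not part of the original post and not Exim project code: a shell filter that does that and refuses to emit entries with an empty or untagged crypted field. The function name `normalise_passwd` and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rewrite "user:crypted::" lines as "user:crypted" so that an
# lsearch lookup on the user returns only the crypt() string for crypteq.

normalise_passwd() {
    # stdin: source password file; stdout: cleaned lines; stderr: rejects.
    # Exit status is 1 if any line was rejected, so a sync job can abort
    # instead of installing a partial or unsafe file.
    awk -F: '
        /^[ \t]*(#.*)?$/ { next }        # skip blank lines and comments
        {
            # Only empty fields may follow the crypted password.
            for (i = 3; i <= NF; i++)
                if ($i != "") { reject("unexpected data in field " i); next }
            if ($1 == "" || $1 ~ /[ \t]/) { reject("bad user key"); next }
            # Require a $id$... tagged crypt() string; never emit an empty hash.
            if ($2 !~ /^\$[0-9a-z]+\$.+/) { reject("no tagged crypt() hash"); next }
            print $1 ":" $2
        }
        function reject(why) {
            printf "line %d rejected: %s\n", NR, why > "/dev/stderr"
            bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample input; the hash strings are placeholders, not real hashes.
normalise_passwd <<'EOF' || echo "some lines were rejected" >&2
# user:crypted followed by empty fields, as in the original question
alice@example.test:$1$abcdefgh$CONSTRUCTEDHASHVALUE000::
bob@example.test:::
EOF
```

Write the output to a temporary file and move it into place only when the function returns 0, keeping the result readable only by root and the Exim user.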