Re: [exim] Synchronising Authentication Between Servers

Top Pagina
Delete this message
Reply to this message
Auteur: Colin
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] Synchronising Authentication Between Servers

On 09/10/2011 13:17, Phil Pennock wrote:
> On 2011-10-08 at 13:28 +0100, Colin wrote:
>> email@???:$1$SgeC%ghWgjwRfksWFAKefgnl432GI74::
>>
>> (for reference I have made up most of the characters in the password
>> string so it is not a valid password)
>>
>> I have then copied this to a Centos 6 server as /etc/exim/passwd. The
>> server is running a fairly standard copy of Exim, but I don't seem to be
>> able to get password authentication to work.
>>
>> I have dug up several guides, but they all seem to talk about using md5
>> passwords or PAM into the system accounts. None of these accounts are or
>> should be in the normal /etc/passwd.
> For PAM, there's a "pam_pwdfile" module:
>    http://www.cpbotha.net/pam_pwdfile.html
> which I've used in the past for software other than Exim.  For that,
> it's usercode:crypted format, so you'll need to lose the trailing empty
> fields.

>
> If you wish to remove PAM, note that Exim's crypteq{}{} expansion
> condition will use the system crypt() routine (if the crypted content
> does not start with an LDAP-style tag); most modern systems use that $1$
> style crypt-tagging syntax for their native crypt() routine. So again,
> if you remove those trailing colons, you can do this easily enough.
>
> Then you'd have something like (untested):
>
> auth_plain:
>    driver        = plaintext
>    public_name   = PLAIN
>    server_advertise_condition = ${if def:tls_cipher}
>    server_prompts        = :
>    server_condition      = ${lookup{$auth2}lsearch{/etc/exim/passwd}\
>                                  {${if crypteq{$auth3}{$value}}} {false}}
>    server_set_id         = ${quote:$auth2}

>
> -Phil
>


Thank you very much for the reply Phil.
Your untested auth_plain works a charm. I've amended my collection
script to not put the :: on the end and authentication now seems to
work. Turns out I'd followed a guide that used md5 passwords and had an
md5 check in the condition which of course wouldn't work seen as the
passwords aren't md5 passwords. All the OS concerned are CentOS 6 built
exactly the same so no problems with different routines.
Its late here so I've put it in place on a backup server and will give
it thorough testing tomorrow evening out of hours.
Much appreciated.
Regards,
Colin.