Re: [exim] plaintext pam

Author: Lena
Date:  
To: exim-users
Subject: Re: [exim] plaintext pam
> From: andreas graeper

Why pam?

> (i thought: plain -> 2:user 3:secret, login -> 1:user 2:secret)


I use:

begin authenticators
plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}}
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if pam{$auth1:${sg{$auth2}{:}{::}}}}
server_set_id = $1

I use FreeBSD. PAM modules are invoked under the "mailnull" user (not root),
so besides a proper file in pam.d you need to give the "mail" group
read access to the master.passwd file (then you can use either pam or crypteq),
but that's frowned upon in FreeBSD. Instead I use a
POP3 server ("popa3d" port) on the same machine for authentication.
For that I created a file /etc/pam.d/exim with 2 lines:

auth required /usr/local/lib/pam_pop3.so hostname=localhost info pwprompt=Password: timeout=5
account required pam_permit.so

The FreeBSD port pam_pop3 was deleted, but you can restore it with svn.
Distfile: http://lena.kiev.ua/pam_pop3-1.0.tar.gz

> what is the substitution : -> :: for ?


In case the password contains : character[s].
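
Added example, not part of the message above and not Exim's own code: a simplified Python model of how the colon-separated string given to the pam condition is split into items, showing what the sg substitution changes for a password containing a colon. The function names and sample credentials are constructed; the splitting rule (a doubled colon is one literal colon, pairs are read left to right, surrounding whitespace is dropped) is this model's assumption about Exim's list syntax.

```python
def split_exim_list(s, sep=":"):
    """Simplified model of Exim's colon-separated list splitting."""
    items, cur, i = [], [], 0
    while i < len(s):
        if s[i] == sep:
            if i + 1 < len(s) and s[i + 1] == sep:
                cur.append(sep)          # doubled separator -> one literal
                i += 2
                continue
            items.append("".join(cur).strip())   # single separator ends item
            cur = []
            i += 1
            continue
        cur.append(s[i])
        i += 1
    if cur:                              # an empty trailing item is ignored
        items.append("".join(cur).strip())
    return items


def escape_colons(value):
    # Same effect as ${sg{VALUE}{:}{::}} in server_condition
    return value.replace(":", "::")


def pam_items(user, password, escape=True):
    """Items the pam condition would see: item 0 is the PAM user name,
    later items answer PAM prompts in order."""
    pw = escape_colons(password) if escape else password
    return split_exim_list(f"{user}:{pw}")


if __name__ == "__main__":
    # Constructed sample credentials
    print(pam_items("alice", "s3:cret", escape=False))  # password split in two
    print(pam_items("alice", "s3:cret"))                # password kept whole
    # Edge case in this model: a password that starts with ':' yields three
    # colons in a row, and the first two pair up and attach to the user name.
    print(pam_items("alice", ":lead"))
```

In this model the user name is inserted unescaped, as in the configuration above, so a colon in the user name would also be read as a separator.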