Re: [exim] PAM parameters

Author: Ephraim Silverberg
To: Exim Mailing List
Subject: Re: [exim] PAM parameters
On Wed, 25 Sep 2013, Phil Pennock wrote:

>> Could someone tell me how to pass the ip or hostname information to the
>> pam module?
> Second option: use the forthcoming Exim 4.82 release, in which the Cyrus
> SASL support has been upgraded to pass the remote IP/host information
> into the SASL libraries. Configure the SASL system to use saslauthd and
> configure saslauthd to use PAM authentication.

I have tried this with Exim 4.82.1 on a FreeBSD 9.2 machine.

Although the authentication is successful with the one-time passwd (otp),
the IP still is saved as "(null)".


begin authenticators

driver = plaintext
public_name = PLAIN
server_prompts = :
server_set_id = "$2/$sender_host_address"
server_condition = ${if saslauthd{{$2}{$3}{exim}}{1}{0}}
server_advertise_condition = true

driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if saslauthd{{$1}{$2}{exim}}{1}{0}}
server_set_id = "$1/$sender_host_address"
server_advertise_condition = true

% ps ax | grep sasl
10154 ??  Is      0:00.01 /usr/local/sbin/saslauthd -a pam

% grep /vol/auth /etc/pam.d/exim
auth            sufficient     otp saveotp=/vol/auth/exim otpsavetimeout=43200 otpsavemode=440 otpsaveownset=exim:mail noechopass

% cat /vol/auth/exim/ephraim

Note that a similar line works properly with Dovecot:

% grep /vol/auth /etc/pam.d/dovecot 
auth            sufficient     otp saveotp=/vol/auth/dovecot otpsavetimeout=43200 otpsavemode=440 otpsaveownset=exim:mail noechopass

% cat /vol/auth/dovecot/ephraim


Any suggestions would be appreciated.

Ephraim Silverberg, CSE System Group,
Hebrew University, Jerusalem, Israel.
Phone/Fax number:     +972-2-5494521