Re: [exim] PAM parameters

Top Page

Reply to this message
Author: Phil Pennock
Date:  
To: Exim Mailing List
Subject: Re: [exim] PAM parameters
On 2014-09-03 at 13:06 +0300, Ephraim Silverberg wrote:
> On Wed, 25 Sep 2013, Phil Pennock wrote:
> >> Could someone tell me how to pass the ip or hostname information to the
> >> pam module?
> >
> > Second option: use the forthcoming Exim 4.82 release, in which the Cyrus
> > SASL support has been upgraded to pass the remote IP/host information
> > into the SASL libraries. Configure the SASL system to use saslauthd and
> > configure saslauthd to use PAM authentication.
>
> I have tried this with Exim 4.82.1 on a FreeBSD 9.2 machine.


> begin authenticators
>
> plain:
>    driver = plaintext


> login:
>    driver = plaintext
>    server_condition = ${if saslauthd{{$1}{$2}{exim}}{1}{0}}


I was unclear. Exim has a `cyrus_sasl` authenticator:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_cyrussasl_authenticator.html

That authenticator should be passing the source address in via
`sasl_setprop()` calls.

The saslauthd expansion condition is much more limited.

See the `sasl_plain` example in the documentation page above.

-Phil