Re: [exim] Plain authentication with pam: Password problem

Góra strony
Delete this message
Reply to this message
Autor: Heiko Schlichting
Data:  
Dla: Frank Richter
CC: exim-users@exim.org
Temat: Re: [exim] Plain authentication with pam: Password problem
Hi,

Frank Richter wrote:
> we have configured a plain authenticator with PAM:
>
> plain:
>     driver = plaintext
>     public_name = PLAIN
>     server_prompts = :
>     # seehttp://exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html  - pam{...
>     server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}{yes}{no}}
>     server_set_id = $auth2

>
> A user "tester" with a password starting with a colon can't authenticate:
>
> pam_krb5[10327]: authentication fails for 'tester:' ...
>                                               ---^

>
> Is there a workaround for users with :passwords?


We use radius instead of pam and having the same problem. Maybe you can use
a similar solution. We changed the list separator into '|' which is
a character not allowed in your password policy:

    server_condition = ${if radius{<| $auth2|$auth3}{yes}{no}}


Heiko

Heiko Schlichting                Freie Universität Berlin
heiko.schlichting@???   Zentraleinrichtung für Datenverarbeitung
Telefon +49 30 838-54327         Fabeckstraße 32
Telefax +49 30 838454327         14195 Berlin