Hello,
I've set up Exim to use PAM authantication. That should return the
correct PAM return values:
PAM_SUCCESS - all good
PAM_AUTH_ERR - wrong password
PAM_USER_UNKNOWN - wrong user
I see a lot of lines like this in the mainlog:
> 2020-12-27 20:04:00 login authenticator failed for (USER) [199.192.16.253]: 435 Unable to authenticate at present (set_id=scanner@???): Permission denied
So it returns the temporary code 435 instead of the permanent code 535.
Why's that? I'm using the suggested config from the Exim manual. Should
there be a "fail" or "false" somewhere in the expansion?
> begin authenticators
>
> fixed_plain:
> driver = plaintext
> public_name = PLAIN
> server_prompts = :
> # Check password in $auth3 for user in $auth2
> server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}}
> server_set_id = $auth2
>
> login:
> driver = plaintext
> public_name = LOGIN
> server_prompts = Username:: : Password::
> # Check password in $auth2 for user in $auth1
> server_condition = ${if pam{$auth1:${sg{$auth2}{:}{::}}}}
> server_set_id = $auth1
-Yves
