On Fri, 2003-01-31 at 06:51, will trillich wrote: > 5:05am? whassa matter, couldn't sleep? (that's *my* problem -- > one of them, anyway...) > (I get most of my best work done after 2 am. :)
> i noticed (below) you used "basic" instead of "plain" so i > munged my setup to match: Actually, that was my mistake. :) I am using PLAIN. > it may be only cosmetic -- then again it may not! (are there > some pieces missing there? looks kinda scant.) I don't remember if I cut some pieces out or not. Either way, here is my plain: section in its entirety: plain: driver = plaintext public_name = PLAIN server_prompts = User Name : Password server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}} server_set_id = $2 Just to make sure you're generating the right passwords here, I made a dummy account for testing. This is what the python script spit out: user: testuser password: password script output: testuser:teobtLiiDGEOk base64 encoded user and pass: AHRlc3R1c2VyAHBhc3N3b3Jk Gandalf:/etc/exim# ls /etc/exim/passwd -rw------- 1 mail mail 24 Jan 30 04:16 /etc/exim/passwd and Gandalf:/etc/exim# ls /etc/pam.d/exim -rw------- 1 mail mail 91 Jan 30 04:11 /etc/pam.d/exim And just to be COMPLETELY thorough, here's all the related packages I have installed: libpam-modules 0.76-7 libpam-runtime 0.76-7 libpam0g 0.76-7 libpam-pwdfile 0.6-2 exim-tls 3.35-3 That's about all I can think to check. :) Good luck. -Alex > account required pam_permit.so > auth required pam_pwdfile.so pwdfile /etc/exim/passwd > > i'm trying a skeleton /etc/exim/passwd until something starts > working, anyhow -- then i'll customize from there. > > > of course, you'll need to replace /etc/exim/passwd with the > > path to your actual password file. Also double check to make > > sure you made the passwd file and make sure you've got the > > same username/password combo in there that you're trying to > > log in with. I used the script that Derrick posted and it > > worked great for me. (not counting the fact that it's in > > python and not perl, but I guess I can't win 'em all... :) > > and i made it "chmod 600" and "chown mail.mail" as well. > > > Then just do an "exim -bh 127.0.0.1" and then: > > > > EHLO hereiam > > AUTH BASIC <output of the base64 script using both \0's> > > > > And it SHOULD work. (Should being the key term. If it doesn't, > > just post the error message and we'll go from there.) Good > > luck. :) > > and here it comes-- > > # exim -bh 192.168.1.2 > > **** SMTP testing session as if from host 192.168.1.2 > **** Not for real! > > >>> host in host_lookup? yes (*) > >>> looking up host name for 192.168.1.2 > >>> IP address lookup yielded duo > >>> Alias duo.lan > >>> host in host_reject? no (option unset) > >>> host in host_reject_recipients? no (option unset) > >>> host in auth_hosts? no (option unset) > >>> host in sender_unqualified_hosts? no (option unset) > >>> host in receiver_unqualified_hosts? no (option unset) > >>> host in helo_verify? no (option unset) > >>> host in helo_accept_junk_hosts? no (option unset) > > [no mention of "host_auth_accept_relay = *" ?] > > 220 server ESMTP Exim 3.35 #1 Fri, 31 Jan 2003 06:23:44 -0600 > ehlo herewego > 250-server Hello duo [192.168.1.2] > 250-SIZE > 250-PIPELINING > 250-AUTH BASIC > 250 HELP > auth basic [base64-encoded-\0user\0passwd\0] > >>> plain authenticator: > >>> $1 = > >>> $2 = [username-was-here] > >>> $3 = [passwd-went-here] > >>> expanded string: no > 535 Incorrect authentication data > LOG: Authentication failed for duo (herewego) [192.168.1.2]: 535 Incorrect >authentication data > > (also tried \0user\0passwd without trailing \0, no good.) so > it's still retching on me. and yet... > > # exim -be > > ${if pam{[username]:[bad-password]}{y}{nope}} > nope > > ${if pam{[username]:[right-password]}{y}{nope}} > y > > so who the hell's in charge, that's what i want to know. > apparently pam is working, but the config is rejecting it for > some reason. > > tres mucho oddness. the story of my day. and the documentation is > prfect. sure it is. > > > p.s. And once you're done with that you can start messing > > around with TLS support. That was my 2nd project and today I > > was able to, for the first time ever, send mail from my home > > mail server while away from home using username/password > > authentication over a secure connection. I was so proud. :) > > you are *exactly* where *i* want to be. (i can tell the view is > awesome!) let me guess -- you've also got the imap thing working. > of course, adding md5 as well wouldn't hurt, but that'll be > another nail in the coffin. (mine, perhaps.) i just need a few > more breadcrumbs along the path... > > -- > I use Debian/GNU Linux version 3.0; > Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown > > DEBIAN NEWBIE TIP #90 from Der.Hans <[EMAIL PROTECTED]> > and Joey Hess <[EMAIL PROTECTED]> > : > Wondering HOW TO GET CPAN MODULES FOR PERL? > man CPAN > Not too many manpages need capital letters. (It's a Perl module > that comes with Perl, or at least has since Potato or before.) > Then, > perl -MCPAN -e 'shell' > CAVEAT: if the Perl module is not packaged in *.deb Debian > format (and about 270 are), the next best thing is to use the > dh-make-perl, which can build debian packages on the fly out of > CPAN. > > Also see http://newbieDoc.sourceForge.net/ ... >
signature.asc
Description: This is a digitally signed message part