But isn't that a bad thing(tm) ? Surely you must be able to get a simple yes no on auth out of PAM with it rather doing things as root? I'd prefer not running Exim as root to prevent any possible exploits ...
Thanks, Eugene -----Original Message----- From: Phil Brutsche [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 10, 2001 5:00 PM To: Eugene van Zyl Cc: GLUG; Debian-User Subject: Re: Exim PAM SMTP Authentication, help! *** PGP Signature Status: unknown *** Signer: Unknown, Key ID = 0x50DE1CFC *** Signed: 2001/04/10 06:59:52 *** Verified: 2001/04/10 06:39:16 *** BEGIN PGP VERIFIED MESSAGE *** A long time ago, in a galaxy far, far way, someone said... > Hi, > > I'm trying Exim to authenticate users for mail relay using the SMTP > AUTH interface. I've recompiled the Debian Exim 3.12-10 source package > with the standard/default settings and only added the TCP Wrappers and > PAM support. The exim and eximon packages generated successfully and > installed fine. Only what else should I do know to allow exim to use > PAM? I've set up the fixed_plain and fixed_login entries in the conf > file with the server_condition for fixed_login (which is what Outlook > uses) as follows: > server_condition = "\ > ${if pam {$1:$2}{yes}{no}}" > > The authentication log returns the following error when I try to > authenticate: > PAM_unix[24311]: authentication failure; (uid=8) -> **unknown** for exim > service > > I've set up an exim config file in the /etc/pam.d/ dir with auth and > account required. From the above (and the spec.txt file in the exim > docs) it looks like it expects an exim user with UID 8 to initialise > the PAM service, but mail is already specified as the UID 8 GID 8 and > I don't know what'll break if I rename mail to exim. Is it possible to > create a user alias ? i.e. exim and mail is really the same user, same > passwd etc ? The problem isn't the in the name of the user that exim runs as, it's the UID. To be able to authenticate against the information in /etc/shadow exim must run as root. Put exim_user = root in exim.conf, restart exim, and try again. > Also am I approaching this PAM authentication right? For the most part. -- ---------------------------------------------------------------------- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc *** END PGP VERIFIED MESSAGE *** -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
