On Thu, 2002-06-20 at 04:08, Derrick 'dman' Hudson wrote: > On Wed, Jun 19, 2002 at 11:16:04PM -0700, Paul Johnson wrote: > | On Wed, Jun 19, 2002 at 03:20:48PM -0500, Mark Roach wrote: > | > | > I believe that putting the following in the authentication configuration > | > section will allow you to use PAM. You will just need to add a file > | > named /etc/pam.d/exim with the appropriate PAM config options > | > | For those of us not familiar with PAM, could we get an example of that, > | as well? > > It will look much like the other files in /etc/pam.d, but with any > different options you may prefer. For example : > > auth required pam_unix.so > account required pam_unix.so > password required pam_unix.so > > If you use a different authentication source (eg ldap instead of > /etc/passwd) you would include those options. > > (Actually, I'm not terribly familiar with PAM, but I've managed to > convert a couple machines at work to use LDAP instead :-). It's > pretty cool.)
I am also using LDAP, and I am pretty sure that is why this works for us but not Mike. Authentication against the shadow files can only ever be done by root, but with LDAP, anyone can attempt to bind. I am sure that someone out there has made an authentication process which runs as root which can be authenticated against by a normal user. If nothing else, writing a script which uses login or su to verify the password, and using that instead of PAM in exim.conf, might be easier to maintain (and more secure) than maintaining two copies of the shadow files... just a thought -Mark -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]