-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said...
> But isn't that a bad thing(tm) ? It can be. > Surely you must be able to get a simple yes no on auth out of PAM with > it rather doing things as root? Sure, PAM works fine without exim running as root - I've had exim authenticate off SQL databases via PAM, with exim running as the user "mail". But exim *must* run as root to be able to authenticate using the system passwords in /etc/shadow. I know of no way around it, except for making /etc/shadow world readable, which is even more dangerous than having exim run as root. There is another way to do it, but it requires knowledge of perl, exim compiled with perl support, and a small program to handle the PAM authentication. You can skip the perl part if you can find a way to get exim run an external program directly for authentication, but I don't know right off hand if there's a way to do that. > I'd prefer not running Exim as root to prevent any possible exploits ... Understandable, but sometimes unavoidable. - -- - ---------------------------------------------------------------------- Phil Brutsche [EMAIL PROTECTED] GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC GPG key id: 50DE1CFC GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE60zoV/ZTSZFDeHPwRAkNbAKCg/V8xnlyNmmDnzk3lp4CvYh3JIQCghog0 3B+SWFD91O1bE6clBSdpXDg= =Rbax -----END PGP SIGNATURE-----
