On Sat, Jun 22, 2002 at 02:14:33PM -0500, Derrick 'dman' Hudson wrote: | | Here are some solutions to the exim/auth/pam problem.
Here's some more info I should have included in the last message, if I
had remembered before I hit "send" :-).
1) I haven't tested any of the authenticators with a real-world mail
client. I did all my tests runing exim with "-bh ::1" and
simulating an SMTP connection using stdin/stdout. I used "PLAIN"
auth each time, and built the base64 data by running
$ echo -e -n '\0user\0pass' | base64-encode
I noticed that $1, $2, $3, etc vary based on where the nulls are
placed in the original string. I don't know what real-world
clients will send or even what the RFC mandates that they send, so
you might have to change the positional argument references for
deployment.
2) I should have included some sample /etc/pam.d/exim files in my last
message.
-- use /etc/shadow --
auth required pam_unix.so
account required pam_permit.so
-- use a separate "password" file --
-- (this one was included, thanks to Vineet Kumar) --
auth required pam_pwdfile.so pwdfile /etc/exim/auth.passwd
account required pam_permit.so
-- use an LDAP server --
-- Note: you'll need to configure /etc/nsswitch.conf,
/etc/pam_ldap.conf, and /etc/libnss_ldap.conf as well --
# use LDAP for the backend
auth required pam_ldap.so
account required pam_permit.so
I (still) don't actually know what the "account" label is for ... I
need to read up on it.
HTH,
-D
--
A wise servant will rule over a disgraceful son,
and will share the inheritance as one of the brothers.
Proverbs 17:2
http://dman.ddts.net/~dman/
pgpaPzdTfniJ2.pgp
Description: PGP signature
