[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Exim SMTP Auth and /etc/shadow

Hi All,

I am setting up exim to do SMTP auth against /etc/shadow. At the end of this
e-mail is my authentication section of exim.conf.

It is all working except for the fact that the user mail does not have
permission to read /etc/shadow. If I make a copy (/etc/eximshadow) with
appropriate ownership/permissions the SMTP auth works fine, however it will
not authenticate against /etc/shadow.

To get around the permissions problem, I added mail into the shadow group,
so that the user mail DOES have permission to read /etc/shadow (i.e. su
mail -c "cat /etc/shadow" works).

However:
2002-04-02 17:52:29 Authentication failed for tazdevil.cnl.com.au (tazdevil)
[203.21.78.3]: 435 Unable to authenticate at present: failed to open
/etc/shadow for linear search: Permission denied (euid=8 egid=8)

Any ideas?

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: andrewt@cnl.com.au
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

# Look in the documentation (in package exim-doc or exim-doc-html for
# information on how to set up authenticated connections.

# The examples below are for server side authentication; they allow two
# styles of plain-text authentication against an /etc/exim/passwd file
# which should have user IDs in the first column and crypted passwords
# in the second.

 plain:
   driver = plaintext
   public_name = PLAIN
   server_condition = "${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/shadow}{$value}{*:*}}}}
}{1}{0}}"
   server_set_id = $1

 login:
   driver = plaintext
   public_name = LOGIN
   server_prompts = "Username:: : Password::"
   server_condition = "${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/shadow}{$value}{*:*}}}}
}{1}{0}}"
   server_set_id = $1





-- 
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: