Exim SMTP Auth and /etc/shadow
Hi All,
I am setting up exim to do SMTP auth against /etc/shadow. At the end of this
e-mail is my authentication section of exim.conf.
It is all working except for the fact that the user mail does not have
permission to read /etc/shadow. If I make a copy (/etc/eximshadow) with
appropriate ownership/permissions the SMTP auth works fine, however it will
not authenticate against /etc/shadow.
To get around the permissions problem, I added mail into the shadow group,
so that the user mail DOES have permission to read /etc/shadow (i.e. su
mail -c "cat /etc/shadow" works).
However:
2002-04-02 17:52:29 Authentication failed for tazdevil.cnl.com.au (tazdevil)
[203.21.78.3]: 435 Unable to authenticate at present: failed to open
/etc/shadow for linear search: Permission denied (euid=8 egid=8)
Any ideas?
Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: andrewt@cnl.com.au
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874
"It's the smell! If there is such a thing." Agent Smith - The Matrix
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
# Look in the documentation (in package exim-doc or exim-doc-html for
# information on how to set up authenticated connections.
# The examples below are for server side authentication; they allow two
# styles of plain-text authentication against an /etc/exim/passwd file
# which should have user IDs in the first column and crypted passwords
# in the second.
plain:
driver = plaintext
public_name = PLAIN
server_condition = "${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/shadow}{$value}{*:*}}}}
}{1}{0}}"
server_set_id = $1
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if
crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/shadow}{$value}{*:*}}}}
}{1}{0}}"
server_set_id = $1
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: