Re: Exim authentication
On Thu, 2002-06-20 at 04:08, Derrick 'dman' Hudson wrote:
> On Wed, Jun 19, 2002 at 11:16:04PM -0700, Paul Johnson wrote:
> | On Wed, Jun 19, 2002 at 03:20:48PM -0500, Mark Roach wrote:
> |
> | > I believe that putting the following in the authentication configuration
> | > section will allow you to use PAM. You will just need to add a file
> | > named /etc/pam.d/exim with the appropriate PAM config options
> |
> | For those of us not familiar with PAM, could we get an example of that,
> | as well?
>
> It will look much like the other files in /etc/pam.d, but with any
> different options you may prefer. For example :
>
> auth required pam_unix.so
> account required pam_unix.so
> password required pam_unix.so
>
> If you use a different authentication source (eg ldap instead of
> /etc/passwd) you would include those options.
>
> (Actually, I'm not terribly familiar with PAM, but I've managed to
> convert a couple machines at work to use LDAP instead :-). It's
> pretty cool.)
I am also using LDAP, and I am pretty sure that is why this works for us
but not Mike. Authentication against the shadow files can only ever be
done by root, but with LDAP, anyone can attempt to bind.
I am sure that someone out there has made an authentication process
which runs as root which can be authenticated against by a normal user.
If nothing else, writing a script which uses login or su to verify the
password, and using that instead of PAM in exim.conf, might be easier to
maintain (and more secure) than maintaining two copies of the shadow
files... just a thought
-Mark
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: