
Re: exim tls/authentification/relaying



On Mon, 29 Jul 2002 17:58:12 -0400
"christophe barbé" <christophe.barbe.ml@online.fr> wrote:

> My first idea was authentication. It works but to be safe it clearly
> needs to be done on a TLS session.
> 
> So I need to configure my exim to support TLS. My understanding is
> that if I do both server and client certificates verification, then I
> don't even need authentication.
> Unfortunately I am unsuccessful at configuring TLS.
> 
> Has someone an exim.conf example for me?
> 
I have exim set up to authenticate only over a secure channel. I don't
know about certificate certification though, it's just plaintext password
authentication (using tls of course). The relevant parts of my exim.conf
are the following:

######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################
<snip>
# Hosts that are allowed to relay as long as they authenticate over a  
# secure Channel.

host_auth_accept_relay = *
auth_over_tls_hosts = *
tls_advertise_hosts = *
#auth_always_advertise = false

# TLS support

tls_certificate = /etc/exim/org.crt
tls_privatekey = /etc/exim/org.key
<snip>
######################################################################
#                       AUTH  CONFIGURATION                          #
######################################################################
# We need to specify different methods for different mailreaders.

# First PLAIN, used by netscape messenger.
# Client sends AUTH PLAIN base64{<unknown>\0<username>\0<passwd>}

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "${if pam{$2:$3}{1}{0}}"
  server_set_id = $2

# Client sends AUTH LOGIN, then expects server to prompt for username
# and passwd

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "${if pam{$1:$2}{1}{0}}"
  server_set_id = $1


As you see I use PAM, in my /etc/pam.d/exim:

auth       sufficient   pam_ldap.so
auth       required     pam_unix.so use_first_pass

account    sufficient   pam_ldap.so
account    required     pam_unix.so

session    required     pam_unix.so

password   sufficient   pam_ldap.so
password   required     pam_unix.so obscure min=4 max=8 use_first_pass

Which uses ldap for authentication.

I assume you know about certificates... you need these of course for TLS.

grts TIm
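
Added example, not part of the original message: a Python sketch of what the PLAIN and LOGIN authenticators above receive on the wire and how the fields map to $1/$2/$3, which shows that base64 hides nothing and why the post only allows AUTH inside TLS. The credentials are constructed sample values and the function names are this example's own.

```python
import base64

def exim_list_items(value):
    """Split an Exim colon-separated list; a doubled colon is a literal ':'."""
    marked = value.replace("::", "\x00")
    return [item.strip().replace("\x00", ":") for item in marked.split(":")]

def login_challenges(server_prompts):
    """The 334 lines a server sends for AUTH LOGIN: each prompt, base64-encoded."""
    return ["334 " + base64.b64encode(p.encode()).decode()
            for p in exim_list_items(server_prompts)]

def decode_plain(response):
    """AUTH PLAIN carries three NUL-separated strings: Exim's $1, $2, $3."""
    fields = base64.b64decode(response, validate=True).split(b"\x00")
    if len(fields) != 3:
        raise ValueError("expected <authzid>NUL<username>NUL<password>")
    return tuple(f.decode("utf-8") for f in fields)

def decode_login(responses):
    """AUTH LOGIN answers one prompt per line: Exim's $1 (user), $2 (password)."""
    if len(responses) != 2:
        raise ValueError("expected one reply per prompt")
    return tuple(base64.b64decode(r, validate=True).decode("utf-8")
                 for r in responses)

# Constructed sample credentials, not taken from the post.
USER, PASSWORD = "alice", "s3cret-example"

def sample_plain_response():
    raw = b"\x00" + USER.encode() + b"\x00" + PASSWORD.encode()
    return base64.b64encode(raw).decode()

def sample_login_responses():
    return [base64.b64encode(s.encode()).decode() for s in (USER, PASSWORD)]

if __name__ == "__main__":
    print("C: AUTH PLAIN", sample_plain_response())
    _, user, password = decode_plain(sample_plain_response())
    print("   pam{$2:$3} sees", user, password)
    print("C: AUTH LOGIN")
    prompts = login_challenges("Username:: : Password::")
    for challenge, reply in zip(prompts, sample_login_responses()):
        print("S:", challenge)
        print("C:", reply)
    print("   pam{$1:$2} sees", *decode_login(sample_login_responses()))
```

Anyone who can read the SMTP session recovers the password with the same two decode functions, so both mechanisms are only as private as the channel they run over.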

