On Fri, 2003-01-31 at 06:51, will trillich wrote:
> 5:05am? whassa matter, couldn't sleep? (that's *my* problem --
> one of them, anyway...)
>
(I get most of my best work done after 2 am. :)
> i noticed (below) you used "basic" instead of "plain" so i
> munged my setup to match:
Actually, that was my mistake. :) I am using PLAIN.
> it may be only cosmetic -- then again it may not! (are there
> some pieces missing there? looks kinda scant.)
I don't remember if I cut some pieces out or not. Either way, here is my
plain: section in its entirety:
plain:
driver = plaintext
public_name = PLAIN
server_prompts = User Name : Password
server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
server_set_id = $2
Just to make sure you're generating the right passwords here, I made a
dummy account for testing. This is what the python script spit out:
user: testuser
password: password
script output: testuser:teobtLiiDGEOk
base64 encoded user and pass: AHRlc3R1c2VyAHBhc3N3b3Jk
Gandalf:/etc/exim# ls /etc/exim/passwd
-rw------- 1 mail mail 24 Jan 30 04:16 /etc/exim/passwd
and
Gandalf:/etc/exim# ls /etc/pam.d/exim
-rw------- 1 mail mail 91 Jan 30 04:11 /etc/pam.d/exim
And just to be COMPLETELY thorough, here's all the related packages I
have installed:
libpam-modules 0.76-7
libpam-runtime 0.76-7
libpam0g 0.76-7
libpam-pwdfile 0.6-2
exim-tls 3.35-3
That's about all I can think to check. :) Good luck.
-Alex
> account required pam_permit.so
> auth required pam_pwdfile.so pwdfile /etc/exim/passwd
>
> i'm trying a skeleton /etc/exim/passwd until something starts
> working, anyhow -- then i'll customize from there.
>
> > of course, you'll need to replace /etc/exim/passwd with the
> > path to your actual password file. Also double check to make
> > sure you made the passwd file and make sure you've got the
> > same username/password combo in there that you're trying to
> > log in with. I used the script that Derrick posted and it
> > worked great for me. (not counting the fact that it's in
> > python and not perl, but I guess I can't win 'em all... :)
>
> and i made it "chmod 600" and "chown mail.mail" as well.
>
> > Then just do an "exim -bh 127.0.0.1" and then:
> >
> > EHLO hereiam
> > AUTH BASIC <output of the base64 script using both \0's>
> >
> > And it SHOULD work. (Should being the key term. If it doesn't,
> > just post the error message and we'll go from there.) Good
> > luck. :)
>
> and here it comes--
>
> # exim -bh 192.168.1.2
>
> **** SMTP testing session as if from host 192.168.1.2
> **** Not for real!
>
> >>> host in host_lookup? yes (*)
> >>> looking up host name for 192.168.1.2
> >>> IP address lookup yielded duo
> >>> Alias duo.lan
> >>> host in host_reject? no (option unset)
> >>> host in host_reject_recipients? no (option unset)
> >>> host in auth_hosts? no (option unset)
> >>> host in sender_unqualified_hosts? no (option unset)
> >>> host in receiver_unqualified_hosts? no (option unset)
> >>> host in helo_verify? no (option unset)
> >>> host in helo_accept_junk_hosts? no (option unset)
>
> [no mention of "host_auth_accept_relay = *" ?]
>
> 220 server ESMTP Exim 3.35 #1 Fri, 31 Jan 2003 06:23:44 -0600
> ehlo herewego
> 250-server Hello duo [192.168.1.2]
> 250-SIZE
> 250-PIPELINING
> 250-AUTH BASIC
> 250 HELP
> auth basic [base64-encoded-\0user\0passwd\0]
> >>> plain authenticator:
> >>> $1 =
> >>> $2 = [username-was-here]
> >>> $3 = [passwd-went-here]
> >>> expanded string: no
> 535 Incorrect authentication data
> LOG: Authentication failed for duo (herewego) [192.168.1.2]: 535 Incorrect authentication data
>
> (also tried \0user\0passwd without trailing \0, no good.) so
> it's still retching on me. and yet...
>
> # exim -be
> > ${if pam{[username]:[bad-password]}{y}{nope}}
> nope
> > ${if pam{[username]:[right-password]}{y}{nope}}
> y
>
> so who the hell's in charge, that's what i want to know.
> apparently pam is working, but the config is rejecting it for
> some reason.
>
> tres mucho oddness. the story of my day. and the documentation is
> prfect. sure it is.
>
> > p.s. And once you're done with that you can start messing
> > around with TLS support. That was my 2nd project and today I
> > was able to, for the first time ever, send mail from my home
> > mail server while away from home using username/password
> > authentication over a secure connection. I was so proud. :)
>
> you are *exactly* where *i* want to be. (i can tell the view is
> awesome!) let me guess -- you've also got the imap thing working.
> of course, adding md5 as well wouldn't hurt, but that'll be
> another nail in the coffin. (mine, perhaps.) i just need a few
> more breadcrumbs along the path...
>
> --
> I use Debian/GNU Linux version 3.0;
> Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown
>
> DEBIAN NEWBIE TIP #90 from Der.Hans <deb-user@LuftHans.com>
> and Joey Hess <joey@kitenet.net>
> :
> Wondering HOW TO GET CPAN MODULES FOR PERL?
> man CPAN
> Not too many manpages need capital letters. (It's a Perl module
> that comes with Perl, or at least has since Potato or before.)
> Then,
> perl -MCPAN -e 'shell'
> CAVEAT: if the Perl module is not packaged in *.deb Debian
> format (and about 270 are), the next best thing is to use the
> dh-make-perl, which can build debian packages on the fly out of
> CPAN.
>
> Also see http://newbieDoc.sourceForge.net/ ...
>
Attachment:
signature.asc
Description: This is a digitally signed message part