On Thu, 2003-04-17 at 14:55, Derrick 'dman' Hudson wrote: > On Wed, Apr 16, 2003 at 09:21:59PM +0100, Shri Shrikumar wrote: > | Hi, > | > | I am trying to get exim authenticate users before relaying and would > | like to use PAM. > > Do you use shadow passwords? Yes. > Are you trying to use pam_unix.so (specified in /etc/pam.d/exim)? I copied the imap over (courier-imap which works fine) > > | Can anyone who has done this before shed some light on this. > > Only root can read the password hash stored in /etc/shadow. exim > can't. (exim performs the check as EXIM_USER, often named "mail") > > You have a few options depending on your goals : > 1) allow the user 'mail' to read /etc/shadow How risky is this ? Also, what would be the best way to do this ? > 2) maintain a copy which user 'mail' can read Yeah, but this would kind of defeat the purpose since I wanted a centralised place for usernames and passwords so I wont have to change things all over the place each time a user is added / deleted. > 3) use a different pam method for authentication This is what I do now. I just copied the shadow file, removed all the irrelevant entries like root and used the standard authentication method that came with exim. Thanks for your response dman, Regards, Shri -- ------------------------------------------------------------------------ Shri Shrikumar U R Byte Solutions I.T. Consultant Edinburgh, Scotland Tel: 0845 644 4745 Email: shri@urbyte.com Web: www.urbyte.com
Attachment:
signature.asc
Description: This is a digitally signed message part