On Tuesday 04 May 2004 21:17, Jon Schewe wrote:
> I'm running debian woody on a server and I'm getting tired of keeping
> the host_accept_relay variable in exim up to date. So I'd like to do
> smtp auth on that server. I also want the traffic to be encrypted, so
> passwords aren't sniffed and I want it to use the unix passwords for
> authentication, shadow passwords. I'm currently using exim, since that
> was the default install, but I'm willing to switch MTAs if required, as
> long as it works. I'd also like to stick with standard debian packages
> because otherwise things can get hard to maintain.
>
> I've tried setting up the plain and login settings using the following
> server_conditions:
> #server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{/etc/shadow}{$value}{*:*}}}}}{1}{0}}"
> server_condition = "${if pam {$1:$2}{yes}{no}}"
>
> This is with mail in the shadow group so that it should be able to read
> /etc/shadow, but that doesn't appear to be working. I'd think the pam
> solution would work, but it doesn't seem to be able to authenticate me.
>
> Thanks for any help you can provide.

Jon,

I've never been able to get Exim to authenticate using PAM. My understanding
is that the process that tries to use PAM to authenticate passwords must be
running as root and I choose not to run it as root (partly because that's the
default for Fedora). There are supposedly patches available to Exim that make
it work with PAM, but I've never succeeded in getting them to work.

I've only ever seen /etc/shadow with mode 400, owned by root. Is it different
on Debian? If not, then adding mail to the shadow group wouldn't make any
difference.

What I have had success with (and am currently doing) is authenticating users
in Exim against LDAP (actually ldaps). I have also used NIS in the past, but
don't anymore due to its insecurities. If LDAP is the route you'd like to go,
I'd be happy to share my authenticators with you.

Eric
_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
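
Added example, not part of either message: a small shell check for the question raised in the reply, namely whether group membership can give an account read access to /etc/shadow at all. The function names (can_read, check_file) and the sample layouts are constructed for illustration; check_file assumes GNU stat and id.

```shell
#!/bin/sh
# Added example: decide whether an account can read a file from the file's
# owner, group and octal mode. Unix picks exactly one permission class:
# owner if the user owns the file, else group if the user is a member,
# else other. The classes are not additive.

# can_read USER USER_GROUPS OWNER GROUP MODE
#   USER_GROUPS is a space-separated list; MODE is octal, e.g. 640.
#   Returns 0 when the read bit of the applicable class is set.
can_read() {
    user=$1 user_groups=$2 owner=$3 group=$4 mode=$5
    if [ "$user" = root ]; then return 0; fi   # root bypasses mode bits
    perms=$(( 0$mode & 0777 ))
    if [ "$user" = "$owner" ]; then
        bit=0400
    else
        bit=0004
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then bit=0040; fi
        done
    fi
    [ $(( perms & $bit )) -ne 0 ]
}

# check_file USER [FILE]: apply can_read to a real file on this host.
check_file() {
    who=$1 file=${2:-/etc/shadow}
    meta=$(stat -c '%U %G %a' "$file") || return 2
    set -- $meta
    can_read "$who" "$(id -Gn "$who")" "$1" "$2" "$3"
}

# Constructed cases: the root-only layout described in the reply, then a
# layout that grants group "shadow" read access.
for c in "root root 400" "root shadow 640"; do
    set -- $c
    if can_read mail "mail shadow" "$1" "$2" "$3"; then
        r="readable"
    else
        r="not readable"
    fi
    echo "$1:$2 mode $3 -> $r by mail"
done
```

id -Gn reports the group database, not the credentials of a running process, so a daemon started before the account was added to a group has to be restarted before the new membership applies to it.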