On Mon, Feb 03, 2003 at 03:09:22AM +0100, Hendrik Sattler wrote:
> will trillich wrote:
>
> > now if you get PAM to cooperate, let me know.
> >
> > plain:
> > driver = plaintext
> > public_name = BASIC
> > # $3 =~ s/:/::/g
> > # if pam($2:$3) {yes} else {no}
> > server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
> > server_set_id = $2
> >
> > when i do the interactive tests, it works like a champ; when i
> > try it from a remote client, nothing doing. still working on
> > it...
>
> For PAM, either run exim daemon as root or search at google for "pam_exim".
looks like andreas added a 'forbid when user <= someval' which
gives it more opportunities to fail. i'm looking to get it to
succeed first, *then* i'll pull back the reins a bit.
:)
> BTW: For plain auth it should be "public_name = PLAIN".
aha. maybe this is significant... <testing, testing...>
well it may be significant, but not for my problem.
pam:
driver = plaintext
public_name = PLAIN
server_condition = ${if pam{$2:${sg{$3}{:}{::}}}{yes}{no}}
server_set_id = $2
login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${if
crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
server_set_id = $2
with "exim -bh 192.168.1.2" this fails:
auth plain [base64data]
535 Incorrect authentication data
and this doesn't:
auth login [same-exact-base64data,same session]
235 Authentication succeeded
the $1, $2, $3 all are correct, but the expansion (something,
anyhow) never works with pam.
i'll stick with the crypteq for now. (it dislikes me less.)
===
i'm not sure i've got the patience left to apply to TLS or SSL or
tld or asap or fyi or pdq or whatever the hell we're calling it
this month. i fear that if pam outfoxes me, then tls is sure to
unwind my scalp down to the medulla oblongata.
X <= here's me here's encouraging => X
pooh.
maybe later, after i unravel apache-perl vs mod_ssl, and after i
implement a remote backup scheme from scratch, and after i craft
two enterprise database applications from the ground up, and
after i deploy two HTML::Mason websites, all in the sea-of-
microso~1 here in the midwest, i may try securing exim's smtp
stuff again. in august. 2007.
(i know, a day in the life of a sysadmin. but are all sysadmins
in the middle of a technological desert like s.w. indiana? is
there anybody in the area who'd like to share some info and feel
smart? :)
--
I use Debian/GNU Linux version 3.0;
Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown
DEBIAN NEWBIE TIP #19 from Dave Sherohman <[EMAIL PROTECTED]>
and Will Trillich <[EMAIL PROTECTED]>
:
How do you determine WHICH NETWORK SERVICES ARE OPEN (active)?
Try "netstat -a | grep LISTEN". To see numeric values (instead
of the common names for services using a particular port) then
try "netstat -na" instead. For more info, look at "man netstat".
Also try "lsof -i" as root. "man lsof" for details.
Also see http://newbieDoc.sourceForge.net/ ...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
