Exim4 - Enable SMTP-Auth with PAM
This page sets up Exim to use PAM for SMTP authentication, but with the possibility of passwords in a local file, say /etc/exim4/passwd, overriding those in PAM. In other words, the goal is to have the following:
- Check if the user ID exists, along with a password, in /etc/exim4/passwd
- If so, use the password in /etc/exim4/passwd to authenticate
- If not (or if /etc/exim4/passwd does not exist), use PAM to authenticate.
Configuring exim
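    # Main section: offer STARTTLS to every host, advertise AUTH only once TLS is active
    tls_advertise_hosts = *
    auth_advertise_hosts = ${if def:tls_in_cipher {*}{}}

    begin authenticators

    # PLAIN delivers authzid, userid and password as $auth1, $auth2, $auth3
    PLAIN:
      driver = plaintext
      server_prompts = :
      # pam takes a colon-separated list, so colons in the password are doubled
      server_condition = "${if pam{$auth2:${sg{$auth3}{:}{::}}}{yes}{no}}"
      server_set_id = $auth2

    # LOGIN prompts for the userid ($auth1) and then the password ($auth2)
    LOGIN:
      driver = plaintext
      server_prompts = "Username:: : Password::"
      server_condition = "${if pam{$auth1:${sg{$auth2}{:}{::}}}{yes}{no}}"
      server_set_id = $auth1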
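The authenticators above consult PAM only. One way to get the file-first behaviour listed at the top of the page, as an added example that is not the wiki's own configuration: it assumes /etc/exim4/passwd holds `userid:crypt-hash` lines (the layout Debian's exim4 templates use) and that Exim was built with crypteq support.

```exim
# Added example, not the wiki's own configuration.
# Assumptions: /etc/exim4/passwd holds "userid:crypt-hash" lines and
# Exim was built with crypteq support.

begin authenticators

PLAIN:
  driver = plaintext
  server_prompts = :
  # The local file decides when it exists and holds a non-empty hash for
  # the user; in every other case PAM decides. Colons in the password are
  # doubled because the pam condition takes a colon-separated list.
  server_condition = ${if and{{exists{/etc/exim4/passwd}}\
      {!eq{${lookup{$auth2}lsearch{/etc/exim4/passwd}{$value}{}}}{}}}\
      {${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch\
          {/etc/exim4/passwd}{$value}{}}}}}{yes}{no}}}\
      {${if pam{$auth2:${sg{$auth3}{:}{::}}}{yes}{no}}}}
  server_set_id = $auth2

LOGIN:
  driver = plaintext
  server_prompts = "Username:: : Password::"
  # Same logic; LOGIN delivers the userid as $auth1 and the password as $auth2.
  server_condition = ${if and{{exists{/etc/exim4/passwd}}\
      {!eq{${lookup{$auth1}lsearch{/etc/exim4/passwd}{$value}{}}}{}}}\
      {${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch\
          {/etc/exim4/passwd}{$value}{}}}}}{yes}{no}}}\
      {${if pam{$auth1:${sg{$auth2}{:}{::}}}{yes}{no}}}}
  server_set_id = $auth1
```

A user listed in the file with a hash is never passed to PAM, so a wrong password for that user is rejected even if it matches the system account.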
PAM config
Contents of /etc/pam.d/exim:

    auth        required      /lib/security/$ISA/pam_env.so
    auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
    auth        required      /lib/security/$ISA/pam_deny.so
    account     required      /lib/security/$ISA/pam_unix.so
    password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
    password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
    password    required      /lib/security/$ISA/pam_deny.so
    session     required      /lib/security/$ISA/pam_limits.so
    session     required      /lib/security/$ISA/pam_unix.so
This file must be readable by the exim group (the group your exim daemon runs as); otherwise you will get the error:

    535 Incorrect authentication data (set_id='userid')
exim4/enable_smtp-auth_with_pam.1478528368.txt.gz · Last modified: 2020/07/15 09:30 (external edit)