Mailing List Archive

SMTP Auth on FreeBSD - Not possible due to permissions?
Am I correct in thinking that SMTP Auth is not doable on FreeBSD because
/etc/master.passwd is rw only for root.wheel.. Is it possible to create a
script to dump the password field out of the master.passwd field into
either the /etc/passwd file? or cut the username and passwords out of
master.passwd into a new file? Am I missing something dramatically here, I
have been digging through the archives, and this seems to be what I'm
seeing, or at least it's the most common answer I have come across.


Derrick MacPherson
derrick@vfs.com
Re: SMTP Auth on FreeBSD - Not possible due to permissions?
On Thu, 25 Jul 2002, Derrick wrote:

> Am I correct in thinking that SMTP Auth is not doable on FreeBSD because
> /etc/master.passwd is rw only for root.wheel..

no.

> Is it possible to create a
> script to dump the password field out of the master.passwd field into
> either the /etc/passwd file? or cut the username and passwords out of
> master.passwd into a new file?

probably, but you don't need to take such a complicated route, you
could just simply shoot yourself in the foot.

> Am I missing something dramatically here,

very definitely. what you're missing is that the system databases are
not the only source for smtp auth. practically anything else from
(other) flat files to ldap databases can be used to store
authentication info.

if you definitely want to stick to the system account db, first
consider what implications it will have on your system's security (to
be exact, you *will* be transmitting your passwords in clear over the
net [unless you use ssl that is]), then you could give the linux
pam_exim (url in archives and freshmeat) a try/porting session to
freebsd.

> have been digging through the archives, and this seems to be what I'm
> seeing, or at least it's the most common answer I have come across.

for a slightly different question, yes.


Re: SMTP Auth on FreeBSD - Not possible due to permissions?
Derrick wrote:
> Am I correct in thinking that SMTP Auth is not doable on FreeBSD because
> /etc/master.passwd is rw only for root.wheel.. Is it possible to create a
> script to dump the password field out of the master.passwd field into
> either the /etc/passwd file?

No

> or cut the username and passwords out of master.passwd into a new file?
> Am I missing something dramatically here, I have been digging through the
> archives, and this seems to be what I'm seeing, or at least it's the most
> common answer I have come across.

There are other ways of authenticating users, usually by a "middle-man" that
has root access, whom exim will talk to.

I've used RADIUS with pam_radius, for example.


Phil
Re: SMTP Auth on FreeBSD - Not possible due to permissions?
On Thu, Jul 25, 2002 at 01:43:31PM -0700, Derrick wrote:
| Am I correct in thinking that SMTP Auth is not doable on FreeBSD because

No.

| /etc/master.passwd is rw only for root.wheel..

You can change that, or you can change the group exim runs as.

| Is it possible to create a script to dump the password field out of
| the master.passwd field into

Is it possible? Of course! Anything is "possible" :-).

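#!/bin/sh

# Print user:hash pairs from /etc/shadow, one per line.
awk -F: '
    # Skip the root and sashroot entries entirely.
    /^(sash)?root:/ { next }
    #/^[^:]*:([^!*x]|x)[^:]/ {
    # Only entries whose password field is at least two characters long,
    # which skips empty fields and single-character markers such as * or !
    /^[^:]*:.[^:]/ {
        # Fields longer than 10 characters get a {md5} prefix.
        if ( length($2) > 10 )
            { print $1 ":{md5}" $2 }
        else { print $1 ":" $2 }
    }
' /etc/shadow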


This works on a linux system to pull the passwords out of /etc/shadow.
Redirect stdout to the file of your choosing, then either use a fancy
${lookup in exim or use pam_pwdfile.so to use that as the data store.
If you don't like this duplicated-data method of using the same
credentials for shell and SMTP authentication, a nice solution is to
move all of your user accounts into LDAP and use pam_ldap.so for both
shell and exim logins.

-D

--
In my Father's house are many rooms; if it were not so, I would have
told you. I am going there to prepare a place for you. And if I go and
prepare a place for you, I will come and take you to be with me that you
also may be where I am.
John 14:2-3

http://dman.ddts.net/~dman/
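
The two points raised in this thread, a credential store separate from master.passwd queried through an Exim lookup, and the cleartext exposure of passwords without SSL, can be combined in one configuration. The fragment below is an added example, not configuration posted by anyone in the thread; it assumes current Exim 4 variable names ($auth1 to $auth3, $tls_in_cipher), a build with crypteq support, and placeholder file paths.

```conf
# --- main configuration section ---
# Offer STARTTLS to every client (certificate paths are placeholders).
tls_advertise_hosts = *
tls_certificate = /usr/local/etc/exim/tls/server.crt
tls_privatekey  = /usr/local/etc/exim/tls/server.key

# Advertise AUTH only once the session is encrypted, so PLAIN and LOGIN
# credentials never cross the network in clear.
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

# --- authenticators section ---
begin authenticators

# Constructed credential file, separate from master.passwd, one entry per line:
#   alice:{crypt}<crypt(3) hash>
# Keep it root-owned and readable only by the group Exim runs as.
plain_server:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # $auth2 = user name, $auth3 = password. A user missing from the file
  # forces expansion failure, which Exim treats as failed authentication.
  server_condition = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{/usr/local/etc/exim/smtp_passwd}{$value}fail}}{yes}{no}}
  server_set_id = $auth2

login_server:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  # For LOGIN the user name is $auth1 and the password is $auth2.
  server_condition = ${if crypteq{$auth2}{${lookup{$auth1}lsearch{/usr/local/etc/exim/smtp_passwd}{$value}fail}}{yes}{no}}
  server_set_id = $auth1
```

Because the file holds only hashes for mail users, the Exim process never needs read access to master.passwd, and a leak of the file does not expose root or other excluded accounts.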