On Wed, 2007-09-26 at 18:48 +0100, T. Horsnell wrote: > We're trying to switch to using NIS tables > during SMTP authentication, but cant get > anything to work. We dont really understand > how one is supposed to use the nis lookup
Neither do I :) You could do worse, however, than allow your OS to do the legwork for you via PAM: http://www.exim.org/exim-html-current/doc/html/spec_html/ch11.html#SECTexpcond You'll have to follow the instructions therein regarding the patched pam_exim module, but I find that's the handiest method available since it abstracts the authentication back to the OS. The OS then "stacks" the available methods and calls them appropriately. However: > We currently have things like: > > fixed_plain: > driver = plaintext > public_name = PLAIN > server_prompts = : > server_condition = ${if crypteq{$3}\ > {${extract{1}{:}{${lookup{$2}lsearch{/etc/shadow}{$value}}}}\ > }{yes}{no}} This implies, rather uncomfortably, that you're running Exim as root (or you've mangled the permissions on /etc/shadow). That's a big risk - one you may be able to manage, but a risk nonetheless. Hence my comments about PAM, since all that nastiness is abstracted back where it needs to be. > and would like to replace the search of /etc/shadow > with a nis{passwd} thing. What is the syntax? > > {${extract{1}{:}{${lookup{$2}lsearch{nis{passwd}}{$value}}}}\ > > doesnt work, and neither does > > {${extract{1}{:}{${lookup{$2}{nis{passwd}}{$value}}}}\ > > How do we extract a line from nis's passwd tables using a > userid as a keyword? I believe you'd do it like this: ${lookup{$2}nis{passwd}} But I'm probably wrong. What do you get if you "ypcat passwd"? Graeme -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
