I'm trying to setup smtp-auth in exim, where users are authenticated using pam (login/password). But for that setup to be possible, exim needs to run as root since nobody other than root is allowed to auth up against pam, since the shadow passwords is only readable by root. Since I don't like to run exim as root, I found another solution. Some debian folks have developed a pam module derived from pam_unix, that allowes one special user/group (in this case the exim user/group) to also authenticate users. The module is described here: http://www.e-admin.de/pam_exim/ I would like this module to be included in the pam ebuild. Reproducible: Always Steps to Reproduce:
Created attachment 67166 [details] pam-0.78-r3.ebuild A modified pam-0.78-r2.ebuild that correctly installs the pam_exim module. #diff -u pam-0.78-r2.ebuild pam-0.78-r3.ebuild --- pam-0.78-r2.ebuild 2005-08-18 23:41:58.000000000 +0200 +++ pam-0.78-r3.ebuild 2005-08-19 00:28:32.000000000 +0200 @@ -23,6 +23,7 @@ S="${WORKDIR}/Linux-PAM-${PV}" S2="${WORKDIR}/pam-${PV}-patches" SRC_URI="http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-${PV}.tar.gz + http://www.e-admin.de/pam_exim/pam_exim.tgz mirror://gentoo/pam-${PV}-patches-${PATCH_LEVEL}.tar.bz2 berkdb? ( http://downloads.sleepycat.com/db-${BDB_VER}.tar.gz ) pam_console? ( ftp://ftp.gtk.org/pub/gtk/v2.6/glib-${GLIB_VER}.tar.bz2 )" @@ -108,6 +109,11 @@ # These ones we do not want, or do not work with non RH rm -rf ${S}/modules/{pam_rps,pam_postgresok} + # pam_exim + tar --no-same-owner -zxf ${DISTDIR}/pam_exim.tgz \ + || die "Couldn't unpam pam_exim.tgz" + epatch ${FILESDIR}/pam_exim-26.patch || die "Couldn't patch pam_exim" + apply_pam_patches if use selinux; then
Created attachment 67167 [details, diff] pam_exim-26.patch This is the patch mentioned on the pam_exim homepage, which is applied in the ebuild attached above. Please note that the pam_exim module dosen't work without this patch on 2.6 kernels.
Please *do not* build this inside sys-libs/pam. Instead, create an ebuild on its own.
I've marked the attachments as obsolete. Please, attach a new ebuild for pam_exim.
pam_exim cannot be built as standalone. It's Makefile uses the pam Make.Rules and hence it's almost impossible to create a standalone ebuild for pam_exim. Why not make the pam_exim module depend on an USE-flag? That way pam_exim can follow the pam behaviour by being in the pam ebuild, but is only installed if the user actually wants it.
sys-libs/pam already have too many things in it. I'm trying to get a simple way to create modules using linux-pam structure, but it will take a bit.
Then there is three ways to go on this bug: 1.: Leave it open until there has been developed a framework for pam modules that needs to be compiled together with pam, and then report back when it has finished. Then I will adapt pam_exim to that framework. 2.: Put pam_exim in the pam ebuild for now. 3.: Reject the bug If there is such much resistance against solution #2, then I vote for solution #1. I need pam_exim and i'm possible not the only one. Btw. it seems fairly long since there has been any development on pam_exim. Perhaps someone should adopt that project and turn it into a standalone module (and fix the bug in the source).
Note that pam 0.99 us completely different from 0.78 in the way it builds modules (Makefile.am rather than using special make rules) so you can't anyway try to patch it on it. Also, I'm going to move some modules _out_ of it, rather than _in_ it, so you need to think of a way to build this standalone.
This won't fly. Reopen if you can produce a stand-alone ebuild. WONTFIX meanwhile.
