"Ronny Seffner" <r.seffneri-t-sys.de> wrote:

> The "pwcheck_method" is "pam" and I noticed, the whol only works when
> the"mail_owner" (postfix) is in group "shadow" or /etc/shadow has 0644
> rights. Is the only way to get postfix reading /etc/shadow via PAM
> whit this rights - I think its an security issue?

You should be usung

pwcheck_method:saslauthd
or
pwcheck_method:pwcheck

and then run the pwcheck or the saslauthd Daemon as root with pam as a
parameter. I do:

/usr/sbin/saslauthd -a pam

on startup before starting postifx

This way you don't need to make your shadow file available for anyone
else than root

Jean-Pierre

-- 
Powered by Linux From Scratch - http://schwicky.net
PGP Key ID: 0xEE6F49B4 - AIM/Jabber: Schwicky - ICQ: 4690141
Nothing is impossible... Everything is relative!
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]