On Wed, 6 Sep 2000, Christi Alice Scarborough wrote:
> Possibly. Telling exim to advertise itself as supporting AUTH LOGIN
> doesn't seem to help. Should there be a third authentication driver
> to support AUTH LOGIN authentication?
No. The plaintext authenticator can be configured to support it.
> The documentation on server_prompts is a bit sparse. Do you think you
> could elaborate on how it works, since implementing AUTH LOGIN using
> this option seems like the most sensible approach to take at this point.
Well, I wonder what more I need to say than is in the manual:
The data sent with the AUTH command or in response to subsequent prompts is
encoded in base 64, and so may contain any byte values when decoded. If any
data was supplied with the command, it is treated as a list of NUL-separated
strings which are placed in the expansion variables $1, $2, etc. If there are
more strings in server_prompts than the number of strings supplied with the
AUTH command, the remaining prompts are used to obtain more data. Each
response from the client may be a list of NUL-separated strings.
So, for PLAIN authentication, where the data all comes with the AUTH
command, you don't set server_prompts at all, but for LOGIN
authentication, where there are two prompts for two pieces of data, you
set server_prompts to two strings (colon separated) as in the example.
If you were to set
public_name = PLAIN
server_prompts = p1 : p2 : p3
then it would work with a correct PLAIN client, because it would have
received 3 strings with the AUTH command, but if something didn't send
the data, it would prompt until it had 3 strings.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
