Re: [Exim] SMTP AUTH (Exim-3.33 and Exim-3.952)

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Odhiambo G. Washington
CC: exim-users
Subject: Re: [Exim] SMTP AUTH (Exim-3.33 and Exim-3.952)
On Sat, 26 Jan 2002, Odhiambo G. Washington wrote:

> Just before you emabrk on your weekend proper,


Too late for me. My weekend started at 17:15 UTC on Friday. I spent most
of it helping to build a full-size dummy aeroplane (a Hurricane). Don't
ask. (Well, if you do ask, please don't do it on this list; it's busy
enough as it is.)

> On Exim-3.33 I have a working AUTH setup which correctly handles users who
> are in my /etc/passwd. Maybe I need to say the users use username:encryptedpasswd
> pair to AUTH.
> I have another set of users, virtual in this case, using username@domain:encryptedpasswd
> pair and the usernames/passwords are in MySQL database. Exim already has access to this
> database. My questions on this are:
>
> 1. Is it possible to configure authenticators for these users in Exim-3.33? I am not
>    a database guru and the much I know is just the HOWTOs that I read to setup Exim
>    and TPOP3D. I scanned the archives


There shouldn't be a problem. Instead of looking up the password in
/etc/passwd, you need to change the lookup in your authenticator to look
up the password elsewhere, for these users. You will need a way of
distinguishing between the different users. Presumably if they give the
user name with a domain, you can assume they are in the second set? If
you are using LOGIN authentication (say), where the user name ends up in
$1 and the password in $2, you will need something like

  ${if match{$1}{@}
    {
      ${lookup mysql{some query that involves $1}{$value}fail}
    }
    {
      ${lookup{$1}lsearch{/etc/passwd}{${extract{1}{:}{$value}}fail}
    }
   }


in order to find the password. I have split this over several lines (and
not put in the continuations) to make it clearer. It tests whether there
is an @ in $1, and uses one of two different lookups accordingly.

> 2. Is it possible also to setup authenticators for them in Exim-4?


Authenticators in Exim 4 are the same as in Exim 3.

> 3. On Exim-4: I built this from the FreeBSD ports and I checked the Local/Makefile
>    and saw the authenticators were compiled into the exim binary.
>    Exim-4 being new as it is, I haven't managed to get authentication working on my
>    test box. I have defined acl smtp_auth and also defined the authenticators (actually
>    they were left in place by the convert script). Exim-4 runs on the test box but when
>    I telnet to it and issue EHLO I don't see it advertising AUTH. I've scanned spec.txt
>    but seems I am missing something major.


Check out your setting of auth_advertise_hosts.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.