After having searched all over the web for an SHA1 extension for Exim's
authenticators without success. I decided to write one myself and tested
it successfully.
I did not write a whole authenticator but instead I added an extension
to the "crypteq" function in expand.c
Here is the README
This is the SHA patch for Exim's "crypteq" function. It allows
the function to generate an SHA1 crypt of the clear text
component (the first function parameter) and then base64-encodes
it and compares the results.
SHA1 is used in Netscape's LDAP directory for Netscape mail system.
The encrypted parameter must be prepended by "{SHA}" or "{sha}".
Install:
1. Copy the patch tar.gz file into you Exim-source directory.
2. Run tar xvzf SHA-patch.tar.gz (it will create a directory
named SHA-patch in the current directory).
3. cd to src/: ~$ cd src/.
4. ~$ pacth -p1 expand.c < ../SHA-patch/expand.pacth
5. Make sure you have already created the exim Local/Makefile
6. ~$ cd ..
7. ~$ cd Local
8. ~$ patch -p1 Makefile < ../SHA-patch/Makefile.patch
9. Run make all followed by make install and there you have it.
Best use of this code is the following in exim's configure file:
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
fixed_login:
server_condition = "${if and {{!eq{$1}{}}{!eq{$2}{}} \
{crypteq{$2}{${lookup mysql{SHA_PASS_SQL} \
{value}{fail}}}{1}{0}}"
Contribution by Elie Kfoury 2002, elie@???.
IMPORTANT: You must have mhash installed on your system before
you can use this patch. You can obtain the latest copy of mhash
from:
http://mhash.sourceforge.net.
Configure mhash with the "--prefix=/usr" option and then make all
then make install. (You must install mhash before you compile Exim).
Enjoy.
