At 10:21 +0100 Philip Hazel wrote:
>On Tue, 10 Sep 2002, Matt Bernstein wrote:
>
>> This could be a job for AUTH EXTERNAL (see my post from Aug 17), but I
>> haven't the time to code it, it didn't make it to the wish list, and I'm sure
>> Philip has plenty of other things to worry about just now.
>
>Didn't I come to the conclusion that you could configure the plaintext
>authenticator to support AUTH EXTERNAL? Ah yes, I wrote:
>
>"My guess (though I haven't worked it through) is that you could
>configure Exim's plaintext authenticator to do this for you. It can
>handle any number of data items (in this case 1), and it can test for
>whether the session is encrypted or not."

Sorry for being so dense, but I don't see how this would work as a client.

[ time passes.. ]

Would you have to say client_send = : or maybe client_send = ^ ?
Maybe it's "client_send = : :" (This means send nothing with the AUTH
EXTERNAL, then nothing to the 334 prompt.)

OK.. give that a whirl.. [ more time passes.. ]

Ahhh.. I've just found a bug in Exim (but it's not in the AUTH code). If
Exim does a STARTTLS in an LMTP conversation, it negotiates OK (haven't
yet checked the cert bit, but I'm sure it's OK), but then says EHLO
instead of LHLO. [ a little more time.. ] Obvious fix:

--- smtp.c~ Mon Jul 22 09:59:51 2002
+++ smtp.c Tue Sep 10 13:16:45 2002
@@ -893,7 +893,8 @@
if (tls_active >= 0)
{
- if (!smtp_write_command(&outblock, FALSE, "EHLO %s\r\n", helo_data))
+ if (!smtp_write_command(&outblock, FALSE, "%s %s\r\n", lmtp? "LHLO" : "EHLO",
+ helo_data))
goto SEND_FAILED;
if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
ob->command_timeout))
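
Review bot: the added smtp_write_command call picks the greeting verb with `lmtp? "LHLO" : "EHLO"`, but nothing in the visible lines shows where `lmtp` is set, so please confirm it is in scope inside this `tls_active >= 0` branch and holds the same value that selected the verb for the greeting sent before STARTTLS. If both greetings can share one verb variable or helper, the two cannot drift apart again. A one-line comment above the call saying that the greeting repeated after TLS negotiation must match the protocol in use would document why the format string changed, and the ternary reads better spaced as `lmtp ? "LHLO" : "EHLO"`.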

..and now I discover that Cyrus won't offer AUTH EXTERNAL after we've done
STARTTLS. Still, at least I've fixed a bug.. is that penance enough?

Matt