Georges Arnould wrote:
>>I bet your authenticator config is broken, if it can't lookup the
>>username it will accept anything as password, try it yourself.
>>Show use your auth-config, and we can help you.
>
>
> Here it is ... It has never changed for a year ... And someone managed to
> pass through yesterday. I wonder if my config. is broken ... But I would
> enjoy it is (meaning no recompil, no reinstall, etc.) ...
>
> Thank's for your appreciated help !
>
> Georges
>
>
> fixed_login:
> driver = plaintext
> public_name = LOGIN
> server_condition = "${if eq
> {${lookup{$1}lsearch{/usr/local/exim/etc/trusted_users}{$value}}} {$2} {yes}
> {no}}"
> server_set_id = $1
> server_prompts = "Username:: : Password::"
in general you should verify that you lookup SOME password, I used
server_condition = "${if eq\
{${lookup{$1}lsearch{/usr/local/exim/etc/trusted_users}{$value}fail}}\
{$2} {yes}{no}}"
to make sure that the expansion fails if the lookup wasn't successful.
Nico
