Re: [Exim] SMTP AUTH PLAIN - error in documentation and conf…

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: CaLViN
CC: exim-users, hobbes
Subject: Re: [Exim] SMTP AUTH PLAIN - error in documentation and config files
On Tue, 13 May 2003, CaLViN wrote:

> I think there are some errors in the documentations and in the
> standard config files of exim (both version 3 and 4).


Exim 3 is obsolete and is no longer maintained (though I would fix a
really serious bug if one cropped up).

> First, the RFC referenced in the documentation is RFC 2595. This RFC
> talks about "Using TLS with IMAP, POP3 and ACAP" The correct RFC
> should be 2554 "SMTP Service Extension for Authentication".


The Exim 4 manual references 2554 at the start of chapter 32.

> This is the recommended config:
>
> fixed_plain:
> driver = plaintext
> public_name = PLAIN
> server_condition = ${if and {{eq{$2}{ph10}}{eq{$3}{secret}}}{yes}{no}}
> server_set_id = $2


Not in the Exim 4.10 manual. In chapter 33 it has

  fixed_plain:                                                                 |
    driver = plaintext                                                         |
    public_name = PLAIN                                                        |
    server_prompts = :                                                         |
    server_condition = \                                                       |
      ${if and {{eq{$2}{ph10}}{eq{$3}{secret}}}{yes}{no}}                      |
    server_set_id = $2                                                         |


Note, however, the emphasis marks on the right hand side. That means
that this text was changed for the 4.10 edition.

> The documentation (Part 36) even says: "Because no prompt strings are
> set, if no data is given with the AUTH command, authentication fails."


I think you must be reading an old copy of the manual (if you are
quoting the Exim 4 manual).

> RFC 2554 clearly states that transmitting the authentication data with
> the AUTH PLAIN command is _optionally_,


Actually, I don't think it is that clear. Well, I for one misunderstood
it when I first implemented authentication. It was only relatively
recently - 18 months ago maybe? - that this misunderstanding was brought
to my attention. Luckily, it didn't affect the code of Exim, just the
way it was configured.

> fixed_plain:
> driver = plaintext
> public_name = PLAIN
> server_prompts = :
> server_condition = ${if and {{eq{$2}{ph10}}{eq{$3}{secret}}}{yes}{no}}
> server_set_id = $2


That is exactly what is in the current Exim 4 documentation.

> exim will behave RFC conform. Please change this in the documentation
> and in the default config files when possible.


It has been changed in the documentation since July 22 2002, when the
4.10 edition of the manual came out. There are no authenticators in the
default configuration file.

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.