Re: [exim] SASL and LookOut

Top Page
Delete this message
Reply to this message
Author: Phil Brutsche
Date:  
To: exim-users
CC: ph10, exim
Subject: Re: [exim] SASL and LookOut
Matthew Byng-Maddick wrote:

> I wrote the driver for a pretty much homogeneous standards-compliant
> environment. The problem here is that SASL does not do a LOGIN
> authenticator (which is not a SASL-standard authenticator) which
> would be needed by exim.


While it is true that LOGIN is not a standard authentication method,
Cyrus SASL *does* implement it, and has for quite a while - my copy of
the Cyrus SASL 1.5.28 source tree has it, for sample.

Even though it is disabled by default in the source distribution, it
*is* enabled in the stock Debian, RHEL3, and SUSE 9.x packages (and
probably more, but that's what I have available at the moment to check):

$ ls -l /usr/lib/sasl2/*login*
-rw-r--r--  1 root root 13726 Oct 16 16:02 liblogin.a
-rw-r--r--  1 root root   831 Oct 16 16:02 liblogin.la
lrwxrwxrwx  1 root root    18 Oct 21 02:26 liblogin.so ->
                                           liblogin.so.2.0.19
lrwxrwxrwx  1 root root    18 Oct 21 02:26 liblogin.so.2 ->
                                           liblogin.so.2.0.19
-rw-r--r--  1 root root 14028 Oct 16 16:02 liblogin.so.2.0.19
$ cat /etc/debian_version
3.1


AUTH LOGIN works with Cyrus SASL 2.1.19 and Exim 4.43 with:

sasl_plain:
driver = cyrus_sasl
public_name = PLAIN
server_set_id = $2

sasl_login:
driver = cyrus_sasl
public_name = LOGIN
server_set_id = $1

in my Exim config and

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

in /usr/lib/sasl2/smtp.conf.

It should work more-or-less the same if you use other methods for
checking your passwords (ie SQL    or auxprop).


--

Phil Brutsche
phil@???
who agrees that Outlook is garbage but finds that real life intervenes
and thus must support it