Re: [exim] Client Authentication

Top Pagina
Delete this message
Reply to this message
Auteur: John W. Baxter
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] Client Authentication
On 6/2/05 4:49 PM, "Fred Viles" <fv+exim@???> wrote:

> On 2 Jun 2005 at 18:12, Matt Mashyna wrote about
>     "[exim] Client Authentication":

>
> | I'm working on a mail client and I'm having some trouble with PLAIN
> | authentication and Exim. With other servers, like Postfix for
> | example, the client says EHLO and gets a list of authentication
> | schemes, among other useful info. With Postfix my client can send
> | AUTH LOGIN PLAIN\n
>
> Your client is broken. The AUTH command consists of the keyword
> AUTH, followed by a keyword matching *one* of the advertised
> authentication methods (LOGIN *or* PLAIN, in this case), optionally
> followed by data depending on the authentication method.


The client seems to be Postfix. If so, it's not broken, it's just using a
different authentication system: SASL. Recent Exim's can be told how to
deal with that.

Unfortunately, that means I can't have my Mac OS X machine authenticate with
our servers (since we don't--yet--offer SASL), if I run the message through
the local Postfix.

>
> | client sends the b64 user name, gets a request for a password, it
> | sends the b64 password and then the authentication is either excepted
> | or rejected.
>
> If the server also prompted for the username, not just the password,
> that's the standard AUTH LOGIN method. It sounds like Postfix just
> ignored the invalid data at the end of your "AUTH LOGIN" command.
>
> | When I try to do this with an Exim server it immediately says
> | "Invalid base64 data"
>
> Right, that's because the plaintext authenticator accepts AUTH PLAIN
> syntax, where the credentials are supplied on the AUTH command so
> there's no prompting. If anything follows the method name, it is
> assumed to be the b64-encoded credentials.


Right, except that half the connection isn't doing AUTH LOGIN or AUTH PLAIN.

>
> |...
> | Any help would be greatly appreciated.
>
> Fix your client to either follow the LOGIN method:


The client is--I think as I said above--Postfix. Unless there are addons
for it, it can't be fixed in the way you--correctly--suggest. Exim,
however, should be trainable to play nicely with Postfix, in recent
versions. I haven't had time to try.

--John