Re: [exim] SPA Authentication

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Philip Hazel
Data:  
Para: reply-2005
CC: exim-users
Asunto: Re: [exim] SPA Authentication
On Wed, 23 Nov 2005, Martin Nicholas wrote:

> The example in the Exim 4.50 documentation (Chap: 37.1) contains the
> "Unknown User/Empty Password" security hole.
>
> It should read like this:
> >   spa:
> >     driver = spa
> >     public_name = NTLM
> >     ${lookup{$1}lsearch{/etc/exim/spa_clearpass}{$value}fail}

>
> Note the addition of "{$value}fail"


Thanks for taking time to point this out; however it was noticed before,
and has been corrected in the 4.60 documentation, which is currently
available for checking along with the 4.60 Release Candidate in the

ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Testing/

FTP directory.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book