Re: [exim] Dovecot authentication

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Renaud Allard
Date:  
À: W B Hacker
CC: exim-users
Sujet: Re: [exim] Dovecot authentication
On Sun, 09 Jul 2006 21:52:28 +0800
W B Hacker <wbh@???> wrote:

> Renaud Allard wrote:
>
> > Hi,
> >
> > I was wondering if anyone has got experience with running exim with
> > dovecot authentication.
> > I tried the patch found at:
> > http://www.exim.org/eximwiki/AuthenticatedSmtpUsingDovecot
> > It applies without any problem with current (4.62) exim source code, but
> > when trying to send a mail with authentication, I just get the following
> > errors:
> >
> > in exim log:
> > cramMD5 authenticator failed for mail.eriador.org ([172.20.0.1])
> > [85.201.63.39]: 435 Unable to authenticate at present: authentication
> > socket read error or premature eof
> >
> > in dovecot log:
> > dovecot: auth(default): client in: AUTH 38      CRAM-MD5
> > rip=85.201.63.39        lip=209.216.230.30      resp=
> > dovecot: auth(default): BUG: Authentication client 32610 didn't specify
> > service in request

> >
> > my dovecot version is: 1.0.rc2. I guess this patch has been made against
> > an old dovecot. So if someone has got a newer patch or any idea, it will
> > be welcome.
> >
> > PAM authentication is totally out of question as I am working with OpenBSD.
> >
> >
>
> You have *me* thoroughly confused.
>
> - The patch you reference is to implement support for a Windows
> protocol available for Dovecot (but not needed) into Exim so you
> can work with ..... OpenBSD?
>
> Why do so, when even the broken-in-many-ways Windows MUA and
> nearly all common non-MS MUA already support the common and
> secure SSL/TLS auth available in Exim, all *BSD's, other Unix,
> and Linux?
>
> Unless you want to add MS security holes for the sake of
> familiarity?
>
> We use SSL/TLS with Exim 4.X, Dovecot .9x and 1.x on FreeBSD 4.X
> and 6.X. Dovecot and Exim can use the same singel cert, separate
> certs per daemon, and/or separate certs per-domain, port, or IP.
>
> Puzzled,


Ahmm, yes, indeed the example is relevant for NTLM, but should work with any other implementation. Most notably DIGEST-MD5 and GSSAPI. What I would in fact want is a common password database both for exim and dovecot where passwords are not stored in plaintext.
My server is OpenBSD. Clients are windows, linux, macosX, FreeBSD, OpenBSD (yes, all of these).
NTLM is not that a bad idea (SSL encypted) to support as it wouldn't cause problems with people checking "use secure password authentication" in outlook.
In fact, I must admit I would prefer a patch that would let dovecot authenticate against exim (which in turn supports cyrus-sasl libray even for PLAIN, LOGIN,...).