Re: [exim-dev] Exim's cyrus_sasl authenticator: enhancement …

Author: Dennis Davis
Date:
To: exim-dev
Subject: Re: [exim-dev] Exim's cyrus_sasl authenticator: enhancement request.
On Mon, 16 Oct 2006, Philip Hazel wrote:

> From: Philip Hazel <ph10@???>
> To: Dennis Davis <D.H.Davis@???>
> Cc: exim-dev@???
> Date: Mon, 16 Oct 2006 16:48:26 +0100 (BST)
> Subject: Re: [exim-dev] Exim's cyrus_sasl authenticator: enhancement request.
> Reply-To: exim-dev@???
>
> On Thu, 12 Oct 2006, Dennis Davis wrote:
>
> > I suspect it would be simple, and possibly useful to some, to add
> > a server_condition expansion variable to exim's cram_md5 and spa
> > authenticators.
>
> I have added server_condition to *all* authenticators (by
> abstracting it as a subroutine which they all can call). The code
> is committed and so will be in tonight's snapshot. Please test it
> if you can.


Thanks for that.

My test server is now running the snapshot and I've tested it
out with the cyrus_sasl_authenticator I previously mailed:


cyrus_sasl_authenticator:
driver = cyrus_sasl
public_name = GSSAPI
server_mech = gssapi
# KerberosV GSSAPI, usernames/passwords not sent in cleartext. So
# we don't need to be in a TLS-encrypted session.
server_advertise_condition = yes
server_condition = ${if eq {${lookup{$auth1}SEARCH{KRB5_PRINCIPALS}{yes}fail}} {yes}}
server_set_id = $auth1


If I remove *my* username from the database to be searched, I see:

2006-10-17 14:25:30 cyrus_sasl_authenticator authenticator failed for hinault.bath.ac.uk [138.38.52.28] I=[138.38.32.118]:587: 535 Incorrect authentication data (set_id=ccsdhd)

in exim's logs. Putting my username back in results in test messages
being sent OK:

2006-10-17 14:27:00 1GZoyC-00078e-NL <= D.H.Davis@??? H=hinault.bath.ac.uk [138.38.52.28] I=[138.38.32.118]:587 P=esmtpsa X=TLSv1:DHE-RSA-AES256-SHA:256 A=cyrus_sasl_authenticator:ccsdhd S=762 id=Pine.GSO.4.64.0610171425300.10117@???
2006-10-17 14:27:00 1GZoyC-00078e-NL => d.h.davis@??? <D.H.Davis@???> R=local_domains T=remote_smtp H=bucs.bath.ac.uk [138.38.32.34]
2006-10-17 14:27:00 1GZoyC-00078e-NL Completed

So, as far as I can tell, everything is working as expected.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101
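
Added example, not part of the original message or of Exim: a small Python parser that tallies, per client IP, the "authenticator failed ... 535" lines and the accepted `<=` lines carrying `A=authenticator:id`, so refusals like the one produced by the server_condition test above can be reviewed by set_id. The sample log lines, hosts, addresses and ids are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Exim main-log format shown in the message
# (documentation addresses and made-up ids, not data from the thread).
SAMPLE_LOG = """\
2006-10-17 14:25:30 cyrus_sasl_authenticator authenticator failed for client.example.org [192.0.2.28] I=[192.0.2.118]:587: 535 Incorrect authentication data (set_id=alice)
2006-10-17 14:25:41 cyrus_sasl_authenticator authenticator failed for client.example.org [192.0.2.28] I=[192.0.2.118]:587: 535 Incorrect authentication data (set_id=alice)
2006-10-17 14:26:02 cyrus_sasl_authenticator authenticator failed for (other) [192.0.2.77] I=[192.0.2.118]:587: 535 Incorrect authentication data
2006-10-17 14:27:00 1AbCdE-000001-XY <= alice@example.org H=client.example.org [192.0.2.28] I=[192.0.2.118]:587 P=esmtpsa X=TLSv1:DHE-RSA-AES256-SHA:256 A=cyrus_sasl_authenticator:alice S=762
2006-10-17 14:27:00 1AbCdE-000001-XY Completed
"""

# "<date> <time> <authenticator> authenticator failed for <host> [<client ip>] ..."
FAILED = re.compile(
    r"^\S+ \S+ (?P<auth>\S+) authenticator failed for .*?\[(?P<ip>[^\]]+)\]")
# The id from server_set_id is only logged when it was set before the failure.
SET_ID = re.compile(r"\(set_id=(?P<id>[^)]*)\)")
# "<date> <time> <msgid> <= <sender> H=<host> [<client ip>] ... A=<authenticator>:<id>"
ACCEPTED = re.compile(
    r"^\S+ \S+ \S+ <= .*?H=.*?\[(?P<ip>[^\]]+)\].*? A=(?P<auth>[^:\s]+):(?P<id>\S+)")


def summarize(log_text):
    """Return {client_ip: {"failed": {id: count}, "accepted": {id: count}}}."""
    stats = defaultdict(lambda: {"failed": defaultdict(int),
                                 "accepted": defaultdict(int)})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            sid = SET_ID.search(line)
            stats[m["ip"]]["failed"][sid["id"] if sid else None] += 1
            continue
        m = ACCEPTED.match(line)
        if m:
            stats[m["ip"]]["accepted"][m["id"]] += 1
    return stats


def refused_only(stats, threshold=1):
    """Client IPs with >= threshold 535 failures and no authenticated message."""
    return sorted(ip for ip, s in stats.items()
                  if sum(s["failed"].values()) >= threshold and not s["accepted"])


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip in sorted(result):
        print(ip, dict(result[ip]["failed"]), dict(result[ip]["accepted"]))
    print("refused only:", refused_only(result))
```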