Re: [exim] Using in different auth sources in parallel

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dominic Benson
Date:  
À: exim-users
Sujet: Re: [exim] Using in different auth sources in parallel
On 23/02/11 16:00, Lukas Haase wrote:
> Hi,
>
> I currently offer standard LOGIN authentication to my SMTP server
> using a few standard passwords from /etc/exim/passwd
>
> I use the default code from Debian exim4 config for this:
>
> login_server:
> driver = plaintext
> public_name = LOGIN
> server_prompts = "Username:: : Password::"
> server_condition = "${if
> crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
>
> server_set_id = $auth1
> .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
> server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
> .endif
>
> Now I want to add support for logging in with the credentials from
> dovecot:
>
> login_dovecot_authdaemon:
> driver = dovecot
> public_name = PLAIN
> server_socket = /var/run/dovecot/auth-client
> server_set_id = $auth1
> .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
> server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
> .endif
>
> When I enable both of them I unfortunately get:
>
> 2011-02-23 16:52:09 Exim configuration error:
> two server authenticators (login_server and
> login_dovecot_authdaemon) have the same public name (LOGIN)
>
> However, for the first time I want to enable *both* sources. The first
> one for people who have already configured their client using the
> current passwords.
>
> And the second (dovecot) one for when setting up new users.
>
> Is this somehow possible? Either try login_dovecot_authdaemon when
> login_server fails or the other way round?


I don't think you can do it in Exim directly (well, you could obviously
try lookups against multiple passwd type files, by extending the server
condition, but that doesn't appear likely to be useful to you).

What you can do, however, is use multiple authentication databases from
Dovecot (see http://wiki.dovecot.org/Authentication/MultipleDatabases),
that way Exim can use just that as its authentication provider.

(I haven't done this with Dovecot's SASL, but I have with Cyrus).
>
> Regards,
> Luke
>
>
>
>
>