Re: [exim] Using saslauthd with exim.

Author: Dominic Benson
Date:  
To: exim-users
Subject: Re: [exim] Using saslauthd with exim.

On 25 Feb 2011, at 20:40, Dominic Benson wrote:

>
> On 25 Feb 2011, at 19:33, Alexander Kitaev wrote:
>
>> Hello,
>>
>> There are the following defaults in the Exim configuration:
>>
>> plain_saslauthd_server:
>> driver = plaintext
>> public_name = PLAIN
>> server_condition = ${if saslauthd{{$auth2}{$auth3}}{0}{1}}
>> server_set_id = $auth2
>> server_prompts = :
>> .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>> server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>> .endif
>>
>>
>> In particular, there is a line:
>>
>> server_condition = ${if saslauthd{{$auth2}{$auth3}}{0}{1}}
>>
>> As I can see from the auth.log, saslauthd is called with the following
>> parameters:
>>
>> [user=name@???] [service=] [realm=] [mech=sasldb] ...
>>
>> However, I'd like saslauthd to be called as:
>>
>> [user=name] [service=exim] [realm=domain.com] [mech=sasldb]...
>>
>> In other words, I'd like exim to parse auth2 and split it into the
>> name and realm parts and also would like exim to use service name
>> "exim", so that corresponding record in the sasldb could be located.
>>
>> How could I do that? I tried, for instance, replacing {0} with {exim}
>> and {1} with {domain.com}, but it broke authentication.
>
>
> This goes direct to saslauthd, with whatever mechanism it is configured to use. You need to use an authenticator with the cyrus_sasl driver to get the extra options.
>
> plain_sasl_server is the sample example in Debian's exim4-config. It uses "exim" as the application name by default, and /usr/lib/sasl2/exim.conf is the first path checked. I thought that /etc/sasl2 was also checked, but I didn't have any luck with that. I think it depends on the sasl library configure options.
>
> See http://www.exim.org/exim-html-current/doc/html/spec_html/ch36.html for the options that are accepted. server_realm and server_service are two that I think you are referring to.
>
>



Ignore this. Do what Phil said! I thought you also wanted to vary the mechanism...
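
Added example, not part of the original thread: a Python sketch of the counted-string request (user, password, service, realm) that a client writes to saslauthd's socket, showing why passing only user and password produces the empty `[service=] [realm=]` fields in the quoted auth.log line and what the split form looks like. The function names, sample login and password are constructed for illustration; nothing here talks to a real socket.

```python
import struct

def split_login(login, default_realm=""):
    """Split 'name@realm' into (name, realm); no '@' falls back to default_realm."""
    user, sep, realm = login.rpartition("@")
    if not sep:
        return login, default_realm
    return user, realm

def build_request(user, password, service="", realm=""):
    """Encode the four fields as counted strings: 2-byte big-endian length + bytes."""
    out = b""
    for field in (user, password, service, realm):
        data = field.encode("utf-8")
        if len(data) > 0xFFFF:
            raise ValueError("field too long for a 16-bit length prefix")
        out += struct.pack("!H", len(data)) + data
    return out

def parse_request(buf):
    """Decode a request into [user, password, service, realm]; reject malformed input."""
    fields, pos = [], 0
    for _ in range(4):
        if pos + 2 > len(buf):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", buf, pos)
        pos += 2
        if pos + n > len(buf):
            raise ValueError("truncated field")
        fields.append(buf[pos:pos + n].decode("utf-8"))
        pos += n
    if pos != len(buf):
        raise ValueError("trailing bytes after realm")
    return fields

def describe(buf):
    """Render a request in the layout of the auth.log line above (password omitted)."""
    user, _pw, service, realm = parse_request(buf)
    return f"[user={user}] [service={service}] [realm={realm}]"

if __name__ == "__main__":
    login, password = "name@domain.com", "constructed-password"  # constructed sample
    # Two-field form: the whole login lands in user, service and realm stay empty.
    print(describe(build_request(login, password)))
    # Split form: the lookup the original poster wanted for the sasldb record.
    user, realm = split_login(login)
    print(describe(build_request(user, password, "exim", realm)))
```

In Exim these two extra fields correspond to the optional third and fourth arguments of the `saslauthd` condition.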