Hi,
We use LDAP authentication, with openldap.
server_condition = ${if ldapauth \
{ user="uid=${quote_ldap:${sg{$1}{[\n\t\r ]}{}}},ou=blah,o=blah" \
pass="$2" ldap:///\
}{yes}{no}}
We permit a wide range of printable ascii non-alphanumerics, which all work well. It does seem awkward if the password policy is constrained by configuration file limitations. :|"'
One day, I’d like to support unicode passwords! 😎
> On 31 Mar 2015, at 11:02, Heiko Schlichting <exim-users@???> wrote:
>
> Hi,
>
> Frank Richter wrote:
>> we have configured a plain authenticator with PAM:
>>
>> plain:
>> driver = plaintext
>> public_name = PLAIN
>> server_prompts = :
>> # seehttp://exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html - pam{...
>> server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}{yes}{no}}
>> server_set_id = $auth2
>>
>> A user "tester" with a password starting with a colon can't authenticate:
>>
>> pam_krb5[10327]: authentication fails for 'tester:' ...
>> ---^
>>
>> Is there a workaround for users with :passwords?
>
> We use radius instead of pam and having the same problem. Maybe you can use
> a similar solution. We changed the list separator into '|' which is
> a character not allowed in your password policy:
>
> server_condition = ${if radius{<| $auth2|$auth3}{yes}{no}}
>
> Heiko
>
> Heiko Schlichting Freie Universität Berlin
> heiko.schlichting@??? Zentraleinrichtung für Datenverarbeitung
> Telefon +49 30 838-54327 Fabeckstraße 32
> Telefax +49 30 838454327 14195 Berlin
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
