Re: [exim] Cram authentication and domain-specific password …

Author: Jonas Meurer
Date:  
To: exim-users
CC: Evgeniy Berdnikov
Subject: Re: [exim] Cram authentication and domain-specific password file
Hi again,

On 2015-06-29 22:29, Evgeniy Berdnikov wrote:
> On Mon, Jun 29, 2015 at 06:28:07PM +0200, Jonas Meurer wrote:
>> Nope, I mean the domain part of provided username.
>
> Username is saved in $auth1. Clearly documented.


True. My problem was about splitting the username and using part of it
for the passwd file to look up.

>> If somebody tries to
>> authenticate as 'user@???', then the password file to lookup the
>> credentials is '/etc/vmail/users/domain.org'. This is what I try to
>> achieve. Is this possible at all?
>
> Just split the username string on '@', extract domain and use it.


Ok, got that now. The following statement splits the username on '@'
and looks up the password for user <LOCALPART> in password file
/etc/vmail/users/<DOMAIN>:

vmail_auth_cram:
   server_debug_print = "A: vmail-authenticator cram-md5 for $auth1"
   driver = cram_md5
   public_name = CRAM-MD5
   server_secret = \
     ${lookup{${extract{1}{@}{$auth1}}} \
       lsearch{VMAIL_USERS_DOMAINS/${extract{2}{@}{$auth1}}} \
       {$value} \
       fail \
      }
   server_set_id = ${extract{1}{@}{$auth1}}


The problem is that the password needs to be stored unencrypted in the
password file for that authenticator. Is it possible to use encrypted
password stores for the cram-md5 authenticator, as it is for the plain and
login authenticators?

Cheers,
jonas
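
Added example, not part of the original message and not Exim code: a Python model of the lookup above, showing that a CRAM-MD5 server (RFC 2195) has to key HMAC-MD5 with the shared secret itself, so a file holding only password hashes cannot verify a genuine response. The function names, the sample users and the domain check applied before the domain is used as a file name are assumptions of this sketch.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Conservative hostname pattern: no '/', no leading dot, no '..' components.
DOMAIN_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$")


def lookup_secret(users_dir, username):
    """Split user@domain and return the cleartext secret, or None (like 'fail')."""
    local, sep, domain = username.partition("@")
    domain = domain.lower()
    if not sep or not local or not DOMAIN_RE.match(domain):
        return None  # refuse anything that could escape users_dir
    path = Path(users_dir) / domain
    if not path.is_file():
        return None
    for line in path.read_text().splitlines():
        key, _, value = line.partition(":")  # lsearch-style "key: value"
        if key.strip() == local:
            return value.strip()
    return None


def cram_md5_verify(users_dir, challenge, username, client_digest):
    """Server side of CRAM-MD5 (RFC 2195): recompute HMAC-MD5 keyed with the secret."""
    secret = lookup_secret(users_dir, username)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, client_digest)


def demo():
    """Constructed data: one domain file with one user, plus a stored password hash."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "example.org").write_text("alice: s3cret\n")
        chal = "<1896.697170952@mail.example.org>"  # constructed challenge
        good = hmac.new(b"s3cret", chal.encode(), hashlib.md5).hexdigest()
        # If only a hash of the password were stored, the server would key the
        # HMAC with the hash and a genuine client response would never match.
        hashed = hashlib.sha256(b"s3cret").hexdigest()
        (Path(d) / "hashed.example").write_text("alice: " + hashed + "\n")
        return (cram_md5_verify(d, chal, "alice@example.org", good),
                cram_md5_verify(d, chal, "alice@hashed.example", good),
                cram_md5_verify(d, chal, "alice@../example.org", good))
```

`demo()` returns the verification result for the cleartext store, the hashed store and a user name whose domain part contains a path component, in that order.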