Re: [exim] cyrus-sasl authenticator

Góra strony
Delete this message
Reply to this message
Autor: Andy Bennett
Data:  
Dla: exim-users
Temat: Re: [exim] cyrus-sasl authenticator
Hi,


> Is anyone out there using the cyrus_sasl authenticator?
> Please contact me, with your configuration.


This one?

-----
# Authenticators for sasldb
# http://wiki.exim.org/AuthenticatedSmtpUsingSaslauthd
plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_set_id = $2
server_condition = ${if
saslauthd{{${local_part:$2}}{$3}{smtpauth}{${domain:$2}}}{1}{0}}
server_advertise_condition = ${if def:tls_cipher }

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = ${if
saslauthd{{${local_part:$1}}{$2}{smtpauth}{${domain:$1}}}{1}{0}}
server_set_id = $1
server_advertise_condition = ${if def:tls_cipher }
-----



> Inspection shows that the testsuite check for it doesn't
> function - and the implementation code has not changed
> materially since first introduced in exim 4.43 (2004/10).
>
> Specifically, there is no knowledge of the user-secret
> (aka. password). I am forced to assume that the
> library has some backdoor configuration (the docs
> chapter mentions possible need for environment variables
> but is not explicit).
>
> The library provides for a callback during server-side auth, giving
> the received name and password from the client and permitting the
> calling code (the exim authenticator, here) to validate the
> combination. The current coding does not request this callback,
> and (at least for the PLAIN and ANONYMOUS auth methods) always
> claims the authentication failed, as invoked by the testsuite.
>
> Possibly this is because of some missing configuration as
> mentioned above. Or possibly it has never worked.
>
> Test hackery shows that with the callback I can do something
> reasonable for PLAIN.  My concern is that I break this
> putative backdoor config mechanism - hence the call for
> information.
> - -- 
> Cheers,
>   Jeremy                            jgh@???

>
> GPG-encrypted mail welcome
> -----BEGIN PGP SIGNATURE-----
>
> iQEzBAEBCAAdFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAl3ZPXYACgkQvOWMjOQf
> Mt+puggAvx4vFv1D5sesLlSwUxBzPAoAwfyhm0e1CE6VYPB6p6i1aaH5ph6hO2dv
> tgUj+LcQ+/hPE6GWP0dhZdvXpRtc9xmFygUahsAmBHYN0suJpzRgJSkNZiiVP/iK
> O1uqDoCtoy+9jK8uRy8j6w8mUIx1cQTx1s5rbCqzNsKbpQlc8AC7u+8geCbb+wE5
> Cf4UjcI+E2SNk/34xQopkPKGm1nSiQHZ9Pk7DvmyObI/FHnI5wtQWS8LCeACKjn+
> jO+oczoLpclkxnt4tp9eWnVHXlpuUzT3AAzxxeYu0L/xshZGlFkgGr1NtSKTb9am
> DHBpJlM/jepKDFkptHgV43DmAxkMAA==
> =qQKi
> -----END PGP SIGNATURE-----
>


--
Best wishes,
@ndy

--
andyjpb@???
http://www.ashurst.eu.org/
0x7EBA75FF