https://bugs.exim.org/show_bug.cgi?id=2818
Bug ID: 2818
Summary: gsasl always defines server side
Product: Exim
Version: 4.95
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: SMTP Authentication
Assignee: jgh146exb@???
Reporter: wbreyha@???
CC: exim-dev@???
This is the continuation/second part of #2817
Background: I'm using cyrus-imapd with lmtpd and tried to use SCRAM-SHA-1
with exim as client. SHA-1 because it's CentOS 7 which has no SHA-256+ support.
I already had cyrus-sasl active for SMTP AUTH since I'm using it with
cyrus-imapd as well.
The server authenticator I used was:
sasl_scram_sha1:
driver = cyrus_sasl
public_name = SCRAM-SHA-1
server_hostname = $smtp_active_hostname
server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}
server_set_id = $auth1
Then I compiled Exim with gsasl support included and added
lmtpscram:
driver = gsasl
public_name = SCRAM-SHA-1
client_username = xxxxxx
client_password = xxxxxx
Exim immediately complained about the authenticator config with:
[1\2] 2021-10-10 02:26:08 Exim configuration error:
[2/2] two client authenticators (lmtpscram and sasl_scram_sha1) have the
same public name (SCRAM-SHA-1)
This should read "two server authenticators"... see bug #2817
The conflict on server side is caused by gsasl always setting
ablock->server = TRUE;
in gsasl_exim.c:203 and only sets it back to FALSE in some (for SCRAM-SHA-*
never met)
conditions. Even
server_condition = false
does not help in this case.
I think this is wrong, because even if I want to use gsasl alone there are
usecases were I do not want to have a server side defined while having a client
side.
--
You are receiving this mail because:
You are on the CC list for the bug.
