[exim] Re: Testing the GSASL authenticator with SCRAM-*-PLUS

Author: Jeremy Harris
Date:  
To: exim-users
Subject: [exim] Re: Testing the GSASL authenticator with SCRAM-*-PLUS
On 15/11/2023 20:32, Martin Lambers via Exim-users wrote:
> In particular, I have trouble understanding the purpose and usage of the 'server_password' option with GSASL. How do I use this to authenticate a single test user?


server_password is the password that the server is expecting for the account,
in clear. Some auth methods (including the SCRAM family) deliberately do not
pass the password over the wire, but only a proof of having it. This
requires that the server end know what it is, so we need
this option so that Exim can tell the auth library. Effectively,
the server_condition option then becomes useless (for these auth
methods) so you may as well set a static "true" value for that
(*only* for these auth methods).

The value for server_password for your simple testcase
can be just the static password. For production use you'd likely
have a DB lookup using $auth1 (authentication id - i.e. username)
as key.
--
Cheers,
Jeremy
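
The proof-of-possession step described in the message above, as an added example that is not part of the original post and is not Exim's or GSASL's code: a simplified SCRAM-SHA-256 proof computation following RFC 5802, showing that the server can only check the proof if it is given the expected password. The user name, password, nonces and salt are constructed sample values, and SASLprep normalisation is omitted.

```python
import base64
import hashlib
import hmac

def _keys(password: str, salt: bytes, iterations: int):
    """Derive (ClientKey, StoredKey) from the cleartext password (RFC 5802)."""
    # SASLprep normalisation of the password is omitted in this sketch.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    return client_key, hashlib.sha256(client_key).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def client_proof(password, salt, iterations, auth_message) -> bytes:
    """Client side: the only password-derived value that crosses the wire."""
    client_key, stored_key = _keys(password, salt, iterations)
    signature = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return _xor(client_key, signature)

def server_verify(expected_password, salt, iterations, auth_message, proof) -> bool:
    """Server side: needs the expected password to rebuild StoredKey.
    Here expected_password plays the role the post gives to server_password."""
    _, stored_key = _keys(expected_password, salt, iterations)
    signature = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    recovered_client_key = _xor(proof, signature)
    candidate = hashlib.sha256(recovered_client_key).digest()
    return hmac.compare_digest(candidate, stored_key)

# Constructed sample exchange (not captured traffic).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 4096
NONCE = b"clientnonce" + b"servernonce"
AUTH_MESSAGE = b",".join([
    b"n=testuser,r=clientnonce",                      # client-first-message-bare
    b"r=" + NONCE + b",s=" + base64.b64encode(SALT)
    + b",i=" + str(ITERATIONS).encode(),              # server-first-message
    # c= carries the GS2 header; with a -PLUS mechanism it also carries
    # the TLS channel-binding data, so the proof is tied to the TLS session.
    b"c=biws,r=" + NONCE,                             # client-final-without-proof
])

if __name__ == "__main__":
    proof = client_proof("test-secret", SALT, ITERATIONS, AUTH_MESSAGE)
    print("proof sent by client:", base64.b64encode(proof).decode())
    print("server accepts:", server_verify("test-secret", SALT, ITERATIONS, AUTH_MESSAGE, proof))
```
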

