[exim] Re: Testing the GSASL authenticator with SCRAM-*-PLUS

Góra strony
Delete this message
Reply to this message
Autor: Martin Lambers
Data:  
Dla: exim-users
Temat: [exim] Re: Testing the GSASL authenticator with SCRAM-*-PLUS
Thank you very much for your help, I now have a working test setup :)

On 16/11/2023 11:41, Jeremy Harris via Exim-users wrote:
> On 15/11/2023 20:32, Martin Lambers via Exim-users wrote:
>> In particular, I have trouble understanding the purpose and usage of
>> the 'server_password' option with GSASL. How do I use this to
>> authenticate a single test user?
>
> server_password is the password that the server is expecting for the
> account,
> in clear.  Some auth methods (including the SCRAM family) deliberately
> do not
> pass the password over the wire, but only a proof of having it. This
> requires that the server end know what it is, so we need
> this option so that Exim can tell the auth library.


For archive completeness I'd like to mention that for SCRAM, the server
does not need to know the password itself, but just a salted and hashed
version of it, which can be set with server_skey instead of
server_password. For my simple test setup, I did not use this.

Best,
Martin

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/