On 25 Feb 2011, at 19:33, Alexander Kitaev wrote:
> Hello,
>
> There are the following defaults in the Exim configuration:
>
> plain_saslauthd_server:
>   driver = plaintext
>   public_name = PLAIN
>   server_condition = ${if saslauthd{{$auth2}{$auth3}}{0}{1}}
>   server_set_id = $auth2
>   server_prompts = :
>   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
>   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
>   .endif
>
>
> In particular, there is a line:
>
> server_condition = ${if saslauthd{{$auth2}{$auth3}}{0}{1}}
>
> As I can see from the auth.log, saslauthd is called with the following
> parameters:
>
> [[email protected]] [service=] [realm=] [mech=sasldb] ...
>
> However, I'd like saslauthd to be called as:
>
> [user=name] [service=exim] [realm=domain.com] [mech=sasldb]...
>
> In other words, I'd like exim to parse auth2 and split it into the
> name and realm parts and also would like exim to use service name
> "exim", so that corresponding record in the sasldb could be located.
>
> How could I do that? I tried, for instance, replacing {0} with {exim}
> and {1} with {domain.com}, but it broke authentication.

This goes direct to saslauthd, with whatever mechanism it is configured to use.
You need to use an authenticator with the cyrus_sasl driver to get the extra
options.

plain_sasl_server is the sample example in Debian's exim4-config. It uses
"exim" as the application name by default, and /usr/lib/sasl2/exim.conf is the
first path checked. I thought that /etc/sasl2 was also checked, but I didn't
have any luck with that. I think it depends on the sasl library configure
options.

See http://www.exim.org/exim-html-current/doc/html/spec_html/ch36.html for the
options that are accepted. server_realm and server_service are two that I think
you are referring to.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
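
An authenticator of the kind the reply describes, as an added example that is not part of the original thread or of Debian's shipped configuration. It assumes an Exim build with Cyrus SASL support; the service name "exim" and the realm "domain.com" are the values from the question, and the TLS guard is carried over from the quoted default.

```exim
# Added example: goes in the "begin authenticators" section.
plain_sasl_server:
  driver = cyrus_sasl
  public_name = PLAIN
  # SASL service name handed to the library (Exim's default is "smtp").
  server_service = exim
  # Realm from the question; replace with your own.
  server_realm = domain.com
  # The cyrus_sasl driver puts the authenticated user name in $auth1.
  server_set_id = $auth1
  # Advertise PLAIN only on TLS-protected connections, so the password
  # is never offered a cleartext path unless the macro is set on purpose.
  .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
  server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
  .endif
```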