Bug#299732: exim4: Add examples for cyrus_sasl authenticator
Juergen Kreileder
Juergen Kreileder <jk@blackdown.de>, 299732@bugs.debian.org
Wed, 16 Mar 2005 03:40:36 +0100
Package: exim4
Version: 4.50-4
Severity: wishlist
The sasl authentication examples should be updated for the cyrus_sasl
authenticator.
Here's what I use:
,----
| cram_md5_sasl_server:
| driver = cyrus_sasl
| public_name = CRAM-MD5
| server_realm = <short main hostname>
| server_set_id = $1
|
| plain_sasl_server:
| driver = cyrus_sasl
| public_name = PLAIN
| server_realm = <short main hostname>
| # don't send system passwords over unencrypted connections
| server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
| server_set_id = $1
|
| login_sasl_server:
| driver = cyrus_sasl
| public_name = LOGIN
| server_realm = <short main hostname>
| # don't send system passwords over unencrypted connections
| server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
| server_set_id = $1
`----
I'm not sure if using the short hostname as relam will work for
everybody switching to cyrus_sasl from plaintext/saslauthd. At least
on my systems, the plaintest/saslauthd combination used it as the
realm by default.
Note that the server_advertise_condition is untested. (I only accept
'verify = certificate' in my acl_smtp_auth.)
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/