Bug#299732: exim4: Add examples for cyrus_sasl authenticator

Juergen Kreileder Juergen Kreileder <jk@blackdown.de>, 299732@bugs.debian.org
Sat, 19 Mar 2005 08:38:16 +0100


Marc Haber <mh+debian-packages@zugschlus.de> writes:

> On Sat, Mar 19, 2005 at 05:39:52AM +0100, Juergen Kreileder wrote:
>> I've tested two more methods with smtptest:
>>
>> ,----
>>> ntlm_sasl_server:
>>> driver = cyrus_sasl
>>> public_name = NTLM
>>> server_realm = <short main hostname>
>>> ## don't send system passwords over unencrypted connections
>>> #server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>>> server_set_id = $1
>>>
>>> digest_md5_sasl_server:
>>> driver = cyrus_sasl
>>> public_name = DIGEST-MD5
>>> server_realm = <short main hostname>
>>> ## don't send system passwords over unencrypted connections
>>> #server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
>>> server_set_id = $1
>> `----
>
> So you're suggesting to put these below the login_sasl_server
> authenticator in 30_exim4-config_examples, as seen in
> http://svn.debian.org/wsvn/pkg-exim4/exim/trunk/debian/debconf/conf.d/auth/30_exim4-config_examples?op=file&rev=0&sc=0,
> right?

The order doesn't really matter, it's up to the client to choose one
of the availabe mechs for authentication.

The only important point is 'server_advertise_condition = ...',
authenticators with that line will only be available after STARTTLS.
Others will be available over unencrypted connections too.


        Juergen

-- 
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/