Bug#980893: [PATCH] Support SCRAM-SHA-1 etc via libgsasl

Simon Josefsson simon at josefsson.org
Sat Jan 23 22:23:39 GMT 2021 

Package: exim4
Tags: patch

Hi!

The patch below links exim4-daemon-heavy to libgsasl to enable the
'gsasl' authenticator support in exim, see:

https://exim.org/exim-html-current/doc/html/spec_html/ch-the_gsasl_authenticator.html

This makes it possible to enable SCRAM-SHA-1 and SCRAM-SHA-256 in Exim
via libgsasl.

Any chance this could make it into bullseye?  Thanks :)

I have done some testing using a minimal gsasl driver, and it seems to
work.  Configuration on the server side:

root at sid:/etc/exim4# cat conf.d/auth/50-sid
gsasl:
  driver = gsasl
  public_name = SCRAM-SHA-1
  server_password = foo
  server_set_id = ${quote:$auth1}
  server_condition = yes
root at sid:/etc/exim4# 

Client side works:

jas at latte:~$ LANG=C gsasl x.y.z.q 587 --no-starttls --mechanism SCRAM-SHA-1 -a jas --password foo -d
Trying 'x.y.z.q'...
220 sid ESMTP Exim 4.94 Sat, 23 Jan 2021 22:20:48 +0000
EHLO [127.0.0.1]
250-sid Hello ...
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPE_CONNECT
250-AUTH SCRAM-SHA-1
250-CHUNKING
250-STARTTLS
250-PRDR
250 HELP
AUTH SCRAM-SHA-1
334 
biwsbj1qYXMscj1oOEh0TmFxci9UclA4eDlrbHlOeFhQTWc=
334 cj1oOEh0TmFxci9UclA4eDlrbHlOeFhQTWdPYkNqUnQ2OFU1Y0pJblR5ZWtyam12aVEscz15QnU1N3JNN3RwenFlNUpiLGk9NDA5Ng==
Yz1iaXdzLHI9aDhIdE5hcXIvVHJQOHg5a2x5TnhYUE1nT2JDalJ0NjhVNWNKSW5UeWVrcmptdmlRLHA9V1hVWGliY05tYTVZMk9UVExqQnlmWUNJT1NVPQ==
334 dj1pNkgzeW9IWWhVTXJxdERYd3VPaURYM0t6T2s9

235 Authentication succeeded
Client authentication finished (server trusted)...
Session finished...
QUIT
221 sid closing connection
jas at latte:~$ 

/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Support-gsasl-authenticators.patch
Type: text/x-diff
Size: 1403 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-exim4-maintainers/attachments/20210123/0d79d1fb/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-exim4-maintainers/attachments/20210123/0d79d1fb/attachment.sig>

More information about the Pkg-exim4-maintainers mailing list