diff options
| author | Marc Haber <zugschlus@debian.org> | 2006-08-01 08:45:55 +0000 |
|---|---|---|
| committer | Marc Haber <zugschlus@debian.org> | 2006-08-01 08:45:55 +0000 |
| commit | bc375be9d14e629d9843daae276fed6c5400638c (patch) | |
| tree | 93938bad277d852133363a487249515ddf8b5075 | |
| parent | 02596d5f7c62483424824fc140880e11868505c7 (diff) | |
| download | exim4-bc375be9d14e629d9843daae276fed6c5400638c.tar.gz | |
* Adapt configuration to current upstream
+ add new comments to default authenticators
+ use $auth[123] instead of $[123] which are now deprecated
svn path=/exim/branches/4.62-3-experimental/; revision=1537
| -rw-r--r-- | debian/debconf/conf.d/auth/30_exim4-config_examples | 60 |
1 files changed, 36 insertions, 24 deletions
diff --git a/debian/debconf/conf.d/auth/30_exim4-config_examples b/debian/debconf/conf.d/auth/30_exim4-config_examples index f38714c..9d11930 100644 --- a/debian/debconf/conf.d/auth/30_exim4-config_examples +++ b/debian/debconf/conf.d/auth/30_exim4-config_examples @@ -21,22 +21,35 @@ # preferred over allowing clear text password based authenticators on # unencrypted connections. +# PLAIN authentication has no server prompts. The client sends its +# credentials in one lump, containing an authorization ID (which we do not +# use), an authentication ID, and a password. The latter two appear as +# $auth2 and $auth3 in the configuration and should be checked against a +# valid username and password. In a real configuration you would typically +# use $auth2 as a lookup key, and compare $auth3 against the result of the +# lookup, perhaps using the crypteq{}{} condition. + # plain_server: # driver = plaintext # public_name = PLAIN -# server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" -# server_set_id = $2 +# server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" +# server_set_id = $auth2 # server_prompts = : # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} # .endif -# + +# LOGIN authentication has traditional prompts and responses. There is no +# authorization ID in this mechanism, so unlike PLAIN the username and +# password are $auth1 and $auth2. Apart from that you can use the same +# server_condition setting for both authenticators. + # login_server: # driver = plaintext # public_name = LOGIN # server_prompts = "Username:: : Password::" -# server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" -# server_set_id = $1 +# server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}" +# server_set_id = $auth1 # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} # .endif @@ -44,24 +57,24 @@ # cram_md5_server: # driver = cram_md5 # public_name = CRAM-MD5 -# server_secret = ${extract{2}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}fail}}} -# server_set_id = $1 +# server_secret = ${extract{2}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}fail}}} +# server_set_id = $auth1 # Here is an example of CRAM-MD5 authentication against PostgreSQL: # # psqldb_auth_server: # driver = cram_md5 # public_name = CRAM-MD5 -# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$1}'}{$value}fail} -# server_set_id = $1 +# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$auth1}'}{$value}fail} +# server_set_id = $auth1 # Authenticate against local passwords using sasl2-bin # Requires exim_uid to be a member of sasl group, see README.Debian.gz # plain_saslauthd_server: # driver = plaintext # public_name = PLAIN -# server_condition = ${if saslauthd{{$2}{$3}}{1}{0}} -# server_set_id = $2 +# server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}} +# server_set_id = $auth2 # server_prompts = : # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} @@ -72,8 +85,8 @@ # public_name = LOGIN # server_prompts = "Username:: : Password::" # # don't send system passwords over unencrypted connections -# server_condition = ${if saslauthd{{$1}{$2}}{1}{0}} -# server_set_id = $1 +# server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}} +# server_set_id = $auth1 # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} # .endif @@ -82,7 +95,7 @@ # driver = cyrus_sasl # public_name = NTLM # server_realm = <short main hostname> -# server_set_id = $1 +# server_set_id = $auth1 # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} # .endif @@ -91,26 +104,25 @@ # driver = cyrus_sasl # public_name = DIGEST-MD5 # server_realm = <short main hostname> -# server_set_id = $1 +# server_set_id = $auth1 # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} # .endif # Authentcate against cyrus-sasl # This is mainly untested, please report any problems to -# pkg-exim4-users@lists.alioth.debian.org. If you have success with -# using these authenticators until May 1 2005, please report as well. +# pkg-exim4-users@lists.alioth.debian.org. # cram_md5_sasl_server: # driver = cyrus_sasl # public_name = CRAM-MD5 # server_realm = <short main hostname> -# server_set_id = $1 +# server_set_id = $auth1 # # plain_sasl_server: # driver = cyrus_sasl # public_name = PLAIN # server_realm = <short main hostname> -# server_set_id = $1 +# server_set_id = $auth1 # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} # .endif @@ -119,7 +131,7 @@ # driver = cyrus_sasl # public_name = LOGIN # server_realm = <short main hostname> -# server_set_id = $1 +# server_set_id = $auth1 # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} # .endif @@ -135,10 +147,10 @@ # server_condition = \ # ${extract {ADDRESS} \ # {${readsocket{/var/run/courier/authdaemon/socket} \ -# {AUTH ${strlen:exim\nlogin\n$2\n$3\n}\nexim\nlogin\n$2\n$3\n} }} \ +# {AUTH ${strlen:exim\nlogin\n$auth2\n$auth3\n}\nexim\nlogin\n$auth2\n$auth3\n} }} \ # {yes} \ # fail} -# server_set_id = $2 +# server_set_id = $auth2 # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} # .endif @@ -150,10 +162,10 @@ # server_condition = \ # ${extract {ADDRESS} \ # {${readsocket{/var/run/courier/authdaemon/socket} \ -# {AUTH ${strlen:exim\nlogin\n$1\n$2\n}\nexim\nlogin\n$1\n$2\n} }} \ +# {AUTH ${strlen:exim\nlogin\n$auth1\n$auth2\n}\nexim\nlogin\n$auth1\n$auth2\n} }} \ # {yes} \ # fail} -# server_set_id = $1 +# server_set_id = $auth1 # .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS # server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}} # .endif |