Update exim4 auth config to handle LOGIN

[hcoop/zz_old/config/exim4-hopper.git] / conf.d / auth / 30_exim4-config_examples

diff --git a/conf.d/auth/30_exim4-config_examples b/conf.d/auth/30_exim4-config_examples
index fdb35c2..b228b4c 100644 (file)
--- a/conf.d/auth/30_exim4-config_examples
+++ b/conf.d/auth/30_exim4-config_examples
@@ -210,7 +210,9 @@ cram_md5:
   client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
   client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
 
-# hcoop-change: Authenticate against /etc/courier/exim.dat
+# hcoop-change: Authenticate against /etc/courier/exim.dat for plain
+# and login authenticators
+
 userdb_plain:
   driver = plaintext
   public_name = PLAIN
@@ -225,6 +227,21 @@ userdb_plain:
     }
   server_set_id = $2
 
+userdb_login:
+  driver = plaintext
+  public_name = LOGIN
+  server_prompts = "Username:: : Password::"
+  server_condition = \
+    ${if \
+      crypteq {$2} \
+              {${extract{systempw}{${tr{${lookup{$1} \
+                                 dbm{/etc/courier/exim.dat} \
+                           }}{|}{ }}}}} \
+      {yes} \
+      {no} \
+    }
+  server_set_id = $1
+
 # this returns the matching line from passwd.client and doubles all ^
 PASSWDLINE=${sg{\
                 ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
@@ -233,8 +250,8 @@ PASSWDLINE=${sg{\
                {^^}\
            }
 
-# hcoop-change: Comment out plain authenticator
-#
+# hcoop-change: Comment out plain and login authenticators
+
 # plain:
 #   driver = plaintext
 #   public_name = PLAIN
@@ -248,24 +265,24 @@ PASSWDLINE=${sg{\
 #                  ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
 # .endif
 
-login:
-  driver = plaintext
-  public_name = LOGIN
-.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
-  # Return empty string if not non-TLS AND looking up $host in passwd-file
-  # yields a non-empty string; fail otherwise.
-  client_send = "<; ${if and{\
-                          {!eq{$tls_cipher}{}}\
-                          {!eq{PASSWDLINE}{}}\
-                         }\
-                      {}fail}\
-                 ; ${extract{1}{::}{PASSWDLINE}}\
-                ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.else
-  # Return empty string if looking up $host in passwd-file yields a
-  # non-empty string; fail otherwise.
-  client_send = "<; ${if !eq{PASSWDLINE}{}\
-                      {}fail}\
-                 ; ${extract{1}{::}{PASSWDLINE}}\
-                ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.endif
+# login:
+#   driver = plaintext
+#   public_name = LOGIN
+# .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
+#   # Return empty string if not non-TLS AND looking up $host in passwd-file
+#   # yields a non-empty string; fail otherwise.
+#   client_send = "<; ${if and{\
+#                           {!eq{$tls_cipher}{}}\
+#                           {!eq{PASSWDLINE}{}}\
+#                          }\
+#                       {}fail}\
+#                  ; ${extract{1}{::}{PASSWDLINE}}\
+#               ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .else
+#   # Return empty string if looking up $host in passwd-file yields a
+#   # non-empty string; fail otherwise.
+#   client_send = "<; ${if !eq{PASSWDLINE}{}\
+#                       {}fail}\
+#                  ; ${extract{1}{::}{PASSWDLINE}}\
+#               ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .endif