Package: exim4 Tags: patch Hi!
The patch below links exim4-daemon-heavy to libgsasl to enable the 'gsasl' authenticator support in exim, see: https://exim.org/exim-html-current/doc/html/spec_html/ch-the_gsasl_authenticator.html This makes it possible to enable SCRAM-SHA-1 and SCRAM-SHA-256 in Exim via libgsasl. Any chance this could make it into bullseye? Thanks :) I have done some testing using a minimal gsasl driver, and it seems to work. Configuration on the server side: root@sid:/etc/exim4# cat conf.d/auth/50-sid gsasl: driver = gsasl public_name = SCRAM-SHA-1 server_password = foo server_set_id = ${quote:$auth1} server_condition = yes root@sid:/etc/exim4# Client side works: jas@latte:~$ LANG=C gsasl x.y.z.q 587 --no-starttls --mechanism SCRAM-SHA-1 -a jas --password foo -d Trying 'x.y.z.q'... 220 sid ESMTP Exim 4.94 Sat, 23 Jan 2021 22:20:48 +0000 EHLO [127.0.0.1] 250-sid Hello ... 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH SCRAM-SHA-1 250-CHUNKING 250-STARTTLS 250-PRDR 250 HELP AUTH SCRAM-SHA-1 334 biwsbj1qYXMscj1oOEh0TmFxci9UclA4eDlrbHlOeFhQTWc= 334 cj1oOEh0TmFxci9UclA4eDlrbHlOeFhQTWdPYkNqUnQ2OFU1Y0pJblR5ZWtyam12aVEscz15QnU1N3JNN3RwenFlNUpiLGk9NDA5Ng== Yz1iaXdzLHI9aDhIdE5hcXIvVHJQOHg5a2x5TnhYUE1nT2JDalJ0NjhVNWNKSW5UeWVrcmptdmlRLHA9V1hVWGliY05tYTVZMk9UVExqQnlmWUNJT1NVPQ== 334 dj1pNkgzeW9IWWhVTXJxdERYd3VPaURYM0t6T2s9 235 Authentication succeeded Client authentication finished (server trusted)... Session finished... QUIT 221 sid closing connection jas@latte:~$ /Simon
diff --git a/debian/EDITME.exim4-heavy.diff b/debian/EDITME.exim4-heavy.diff index b95c091d..d9943647 100644 --- a/debian/EDITME.exim4-heavy.diff +++ b/debian/EDITME.exim4-heavy.diff @@ -76,7 +76,7 @@ # If you have content scanning you may wish to only include some of the scanner # interfaces. Uncomment any of these lines to remove that code. -@@ -757,8 +760,8 @@ +@@ -757,9 +760,9 @@ # configuration to make use of the mechanism(s) selected. AUTH_CRAM_MD5=yes @@ -85,8 +85,10 @@ +AUTH_CYRUS_SASL=yes +AUTH_DOVECOT=yes # AUTH_EXTERNAL=yes - # AUTH_GSASL=yes +-# AUTH_GSASL=yes ++AUTH_GSASL=yes # AUTH_GSASL_PC=libgsasl + # AUTH_HEIMDAL_GSSAPI=yes @@ -766,8 +769,8 @@ # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 @@ -103,7 +105,7 @@ # Ditto for AUTH_HEIMDAL_GSSAPI(_PC). -# AUTH_LIBS=-lsasl2 -+AUTH_LIBS=-lsasl2 ++AUTH_LIBS=-lsasl2 -lgsasl # AUTH_LIBS=-lgsasl # AUTH_LIBS=-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lroken -lcrypt diff --git a/debian/changelog b/debian/changelog index fa073995..681abcbd 100644 diff --git a/debian/control b/debian/control index 31390e45..5ef32e4a 100644 --- a/debian/control +++ b/debian/control @@ -17,6 +17,7 @@ Build-Depends: docbook-xsl, libdb5.3-dev, libgnutls28-dev (>= 3.5.7), + libgsasl7-dev, libident-dev, libidn11-dev, libidn2-dev,
signature.asc
Description: PGP signature
