Package: exim4
Version: 4.50-4
Severity: wishlist
The sasl authentication examples should be updated for the cyrus_sasl
authenticator.
Here's what I use:
,----
| cram_md5_sasl_server:
| driver = cyrus_sasl
| public_name = CRAM-MD5
| server_realm = <short main hostname>
| server_set_id = $1
|
| plain_sasl_server:
| driver = cyrus_sasl
| public_name = PLAIN
| server_realm = <short main hostname>
| # don't send system passwords over unencrypted connections
| server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
| server_set_id = $1
|
| login_sasl_server:
| driver = cyrus_sasl
| public_name = LOGIN
| server_realm = <short main hostname>
| # don't send system passwords over unencrypted connections
| server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
| server_set_id = $1
`----
I'm not sure if using the short hostname as relam will work for
everybody switching to cyrus_sasl from plaintext/saslauthd. At least
on my systems, the plaintest/saslauthd combination used it as the
realm by default.
Note that the server_advertise_condition is untested. (I only accept
'verify = certificate' in my acl_smtp_auth.)
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
