Fallback on PAM if no USERLIST

author: pacien 2018-09-12 23:58:06 +0200
committer: pacien 2018-09-12 23:58:06 +0200
commit: 1b2ad5db7b4ed518bd732d2ae35cd552354ec1aa (patch)
tree: 720f36061bedfdd1a705e2053a81c187b4199a5b /conf.d
parent: 1ace64ebd0b6ad6fce1ef9cdb7ffbaf4e5a481e0 (diff)
download: exim-1b2ad5db7b4ed518bd732d2ae35cd552354ec1aa.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/conf.d/070_authenticators.conf b/conf.d/070_authenticators.conf
index adc08c2..93a6ce2 100644
--- a/conf.d/070_authenticators.conf
+++ b/conf.d/070_authenticators.conf
@@ -19,6 +19,12 @@
 begin authenticators
+.ifdef USERLIST
+AUTH_CHECK = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}}
+.else
+AUTH_CHECK = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}}
+.endif
 # PLAIN authentication has no server prompts. The client sends its
 # credentials in one lump, containing an authorization ID (which we do not
 # use), an authentication ID, and a password. The latter two appear as
@@ -32,7 +38,7 @@ PLAIN:
  public_name                = PLAIN
  server_prompts             = :
  server_set_id              = $auth2
-  server_condition           = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}}
+  server_condition           = AUTH_CHECK
  server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}}
 # LOGIN authentication has traditional prompts and responses. There is no
author	pacien	2018-09-12 23:58:06 +0200
committer	pacien	2018-09-12 23:58:06 +0200
commit	1b2ad5db7b4ed518bd732d2ae35cd552354ec1aa (patch)
tree	720f36061bedfdd1a705e2053a81c187b4199a5b /conf.d
parent	1ace64ebd0b6ad6fce1ef9cdb7ffbaf4e5a481e0 (diff)
download	exim-1b2ad5db7b4ed518bd732d2ae35cd552354ec1aa.tar.gz