diff options
Diffstat (limited to 'conf.d/070_authenticators.conf')
| -rw-r--r-- | conf.d/070_authenticators.conf | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/conf.d/070_authenticators.conf b/conf.d/070_authenticators.conf index 93a6ce2..f64796b 100644 --- a/conf.d/070_authenticators.conf +++ b/conf.d/070_authenticators.conf | |||
| @@ -19,12 +19,6 @@ | |||
| 19 | 19 | ||
| 20 | begin authenticators | 20 | begin authenticators |
| 21 | 21 | ||
| 22 | .ifdef USERLIST | ||
| 23 | AUTH_CHECK = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}} | ||
| 24 | .else | ||
| 25 | AUTH_CHECK = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}} | ||
| 26 | .endif | ||
| 27 | |||
| 28 | # PLAIN authentication has no server prompts. The client sends its | 22 | # PLAIN authentication has no server prompts. The client sends its |
| 29 | # credentials in one lump, containing an authorization ID (which we do not | 23 | # credentials in one lump, containing an authorization ID (which we do not |
| 30 | # use), an authentication ID, and a password. The latter two appear as | 24 | # use), an authentication ID, and a password. The latter two appear as |
| @@ -33,13 +27,35 @@ AUTH_CHECK = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}} | |||
| 33 | # use $auth2 as a lookup key, and compare $auth3 against the result of the | 27 | # use $auth2 as a lookup key, and compare $auth3 against the result of the |
| 34 | # lookup, perhaps using the crypteq{}{} condition. | 28 | # lookup, perhaps using the crypteq{}{} condition. |
| 35 | 29 | ||
| 36 | PLAIN: | 30 | .ifdef USERLIST |
| 31 | virtual_plain: | ||
| 37 | driver = plaintext | 32 | driver = plaintext |
| 38 | public_name = PLAIN | 33 | public_name = PLAIN |
| 39 | server_prompts = : | 34 | server_prompts = : |
| 40 | server_set_id = $auth2 | 35 | server_set_id = $auth2 |
| 41 | server_condition = AUTH_CHECK | 36 | server_condition = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{USERLIST}}} {yes}{no}} |
| 42 | server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}} | 37 | server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}} |
| 38 | .endif | ||
| 39 | |||
| 40 | .ifdef ENABLE_PAM_AUTH | ||
| 41 | pam_plain: | ||
| 42 | driver = plaintext | ||
| 43 | public_name = PLAIN | ||
| 44 | server_prompts = : | ||
| 45 | server_set_id = $auth2 | ||
| 46 | server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}} {yes}{no}} | ||
| 47 | server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}} | ||
| 48 | .endif | ||
| 49 | |||
| 50 | .ifdef DOVECOT_AUTH_SOCKET | ||
| 51 | dovecot_plain: | ||
| 52 | driver = dovecot | ||
| 53 | public_name = PLAIN | ||
| 54 | server_set_id = $auth1 | ||
| 55 | server_socket = DOVECOT_AUTH_SOCKET | ||
| 56 | server_advertise_condition = ${if ={587}{$interface_port} {yes}{no}} | ||
| 57 | .endif | ||
| 58 | |||
| 43 | 59 | ||
| 44 | # LOGIN authentication has traditional prompts and responses. There is no | 60 | # LOGIN authentication has traditional prompts and responses. There is no |
| 45 | # authorization ID in this mechanism, so unlike PLAIN the username and | 61 | # authorization ID in this mechanism, so unlike PLAIN the username and |