begin authenticators ######################################################################### plain_server: # This authenticator implements the PLAIN authentication mechanism # (RFC2595). Since the password is transmitted essentially as clear # text, a user can only authenticate if the session is encrypted using # TLS. The user name and password is first checked against # /etc/exim4/passwd, then against the system database using PAM (in # that order). driver = plaintext public_name = PLAIN server_advertise_condition = ${if eq{$tls_cipher}{}{false}{true}} server_prompts = : server_set_id = $auth2 server_condition = "\ ${if exists{CONFDIR/passwd}\ {${lookup{$auth2}lsearch{CONFDIR/passwd}\ {${if crypteq{$auth3}{\\\{md5\\\}${extract{1}{:}{$value}{$value}fail}}\ {true}{false} }}\ {${if pam{$auth2:${sg{$auth3}{:}{::}} }\ {true}{false}} } }}\ {${if pam{$auth2:${sg{$auth3}{:}{::}} }\ {true}{false}} }}" ######################################################################### login_server: # This authenticator implements the LOGIN authentication mechanism. # Since the password is transmitted essentially as clear text, a user # can only authenticate if the session is encrypted using TLS. The # user name and password is first checked against /etc/exim4/passwd, # then against the system database using PAM (in that order). driver = plaintext public_name = LOGIN server_advertise_condition = ${if eq{$tls_cipher}{}{false}{true}} server_prompts = Username:: : Password:: server_set_id = $auth1 server_condition = "\ ${if exists{CONFDIR/passwd}\ {${lookup{$1}lsearch{CONFDIR/passwd}\ {${if crypteq{$auth2}{\\\{md5\\\}${extract{1}{:}{$value}{$value}fail}}\ {true}{false} }}\ {${if pam{$auth1:${sg{$auth2}{:}{::}} }\ {true}{false}} } }}\ {${if pam{$auth1:${sg{$auth2}{:}{::}} }\ {true}{false}} }}"