On 2013-05-21, Fabien Wang <[email protected]> wrote:
> Hello,
>
> Currently using Exim version 4.80.1 #2,
>
> I'm using mysql authentification, it works great with plaintext passwords.
>
> I would like to use it with SHA1 encoded passwords, is it possible?
yes, but only for the authenticators that pass the password in the clear.
(so, not for cram_md5 or ntlm)
> yes, how?
It's easy, don't use "${if", "${lookup mysql" is sufficient.
You also need to fix your SQL injection vulnerability.
condition you want takes the form
condition = ${lookup mysql{SELECT 'yes' from account where \
domain = '${quote_mysql:$1}' and \
useranme = '${quote_mysql:$2}' and \
password_hash = md5('${quote_mysql:$3}') }{$value}{no}}
--
⚂⚃ 100% natural
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
