On 29/07/2021 22:39, Jan Catrysse via Exim-users wrote:
I am having some issues using a usern...@domain.tld kind of username in
Outlook and the Exim SPA authenticator.

It seems the domain part is stripped from the username and so I cannot
authenticate properly.

Is this a known problem? Can I fix this issue in any way?

On debug I find that a username like: username+domain.tld is passed
completely to the exim $auth1 variable, but with the @ in place I only get
the username part without the domain.

I have to consider that I am using the same username for Dovecot, so I
cannot just change my query to replace @ with something else.

Authenticator config:
SPA:
   driver = spa
   public_name = NTLM
   server_password = ${lookup mysql{SELECT `password` FROM `users` WHERE \
     CONCAT_WS('@', `username`, `domain`) = \
     '${quote_mysql:$auth1}';}{$value}{fail}}
   server_set_id = $auth1
   server_debug_print = "Running SPA auth: $auth1"

Thank you,
Jan



The server-side spa code only writes $auth1 in one place, before
the call to evaluate the server_password.  Since you're doing a
lookup, the use there should be visible in debug.

I assume it's wrong at that time.

The value being used appears to derive from data sent by the
client in response to a challenge from the server.  There's enough
code munging it I can't swear it won't fall over on an '@' -
but I don't see one mentioned explicitly.

Are you certain that the full string is being supplied by the client?

The docs chapter mentions that the domain is optional, so I could
imagine it being treated as a separate item.  Unfortunately, it also
only describes $auth1 as getting the user name; no mention of the
domain around the same place.

Hmm.  A relevant data structure does have separate fields "uUser" and
"uDomain" - and the server-side code doesn't use it.  The client-side
code does.
OK, this has likely never worked.  For now, you're out of luck with SPA.

--
Cheers,
  Jeremy
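
Added example (not part of the original thread, and not Exim's code): a minimal C reader for an NTLM type-3 (authenticate) message, showing that the user name and the domain are carried as two separately described fields, which is what the "uUser"/"uDomain" remark above refers to. The offsets follow the published NTLM message layout; the function names and the sample message are constructed for illustration, and whether a particular client splits a user@domain login this way is not established in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Descriptor offsets in an NTLM type-3 message (8 bytes each: len, maxlen, offset). */
enum { OFF_DOMAIN = 28, OFF_USER = 36, OFF_FLAGS = 60, HDR_LEN = 64 };

static uint32_t le(const uint8_t *p, int n) {        /* little-endian read */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Copy the field whose descriptor sits at m+d; -1 if it points outside the message. */
static int get_field(const uint8_t *m, size_t len, size_t d, int uni, char *out, size_t sz) {
    uint32_t flen = le(m + d, 2), off = le(m + d + 4, 4);
    size_t step = uni ? 2 : 1, n = 0;
    if (sz == 0 || off > len || flen > len - off) return -1;
    for (uint32_t i = 0; i + step <= flen && n + 1 < sz; i += step)
        out[n++] = (char)m[off + i];     /* low byte only: enough for ASCII names */
    out[n] = '\0';
    return 0;
}

/* Extract user and domain as two separate strings; 0 on success, -1 on bad input. */
int spa_identity(const uint8_t *msg, size_t len, char *user, char *domain, size_t sz) {
    if (len < HDR_LEN || memcmp(msg, "NTLMSSP", 8) != 0 || le(msg + 8, 4) != 3) return -1;
    int unicode = (int)(le(msg + OFF_FLAGS, 4) & 1);  /* NEGOTIATE_UNICODE bit */
    if (get_field(msg, len, OFF_USER, unicode, user, sz) != 0) return -1;
    return get_field(msg, len, OFF_DOMAIN, unicode, domain, sz);
}

/* Constructed sample (short ASCII names only): OEM strings, empty response fields. */
size_t sample_msg(uint8_t *m, const char *user, const char *domain) {
    size_t ul = strlen(user), dl = strlen(domain);
    memset(m, 0, HDR_LEN); memcpy(m, "NTLMSSP", 8); m[8] = 3;
    m[OFF_DOMAIN] = m[OFF_DOMAIN + 2] = (uint8_t)dl; m[OFF_DOMAIN + 4] = HDR_LEN;
    m[OFF_USER] = m[OFF_USER + 2] = (uint8_t)ul; m[OFF_USER + 4] = (uint8_t)(HDR_LEN + dl);
    memcpy(m + HDR_LEN, domain, dl);
    memcpy(m + HDR_LEN + dl, user, ul);
    return HDR_LEN + dl + ul;
}

int main(void) {
    uint8_t m[128]; char user[64], domain[64];
    size_t n = sample_msg(m, "username", "domain.tld");
    if (spa_identity(m, n, user, domain, sizeof user) == 0)
        printf("user field=%s domain field=%s\n", user, domain);
}
```

A server that reads only the user field of such a message sees "username" and never the domain, which would match the symptom reported at the top of the thread.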

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
