On 29/07/2021 22:39, Jan Catrysse via Exim-users wrote:
I am having some issues using a usern...@domain.tld kind of username in
Outlook and the Exim SPA authenticator.
It seems the domain part is stripped from the username and so I cannot
authenticate properly.
Is this a known problem? Can I fix this issue in any way?
On debug I find that a username like: username+domain.tld is passed
completely to the exim $auth1 variable, but with the @ in place I only get
the username part without the domain.
I have to consider that I am using the same username for Dovecot, so I
cannot just change my query to replace @ with something else.
Authenticator config:
SPA:
driver = spa
public_name = NTLM
server_password = ${lookup mysql{SELECT `password` FROM `users` WHERE
CONCAT_WS('@', `username`, `domain`) =
'${quote_mysql:$auth1}';}{$value}{fail}}
server_set_id = $auth1
server_debug_print = "Running SPA auth: $auth1"
Thank you,
Jan
The server-side spa code only writes $auth1 in one place, before
the call to evaluate the server_password. Since you're doing a
lookup, the use there should be visible in debug.
I assume it's wrong at that time.
The value being used appears to derive from data sent by the
client in response to a challenge from the server. There's enogh
code munging it I can't swear it won't fall over on an '@' -
but I don't see one mentioned explicitly.
Are you certain that the full string is being supplied by the client?
The docs chapter mentions that the domain is optional, so I could
imaging it being treated as a separate item. Unfortunately, it also
only describes $auth1 as getting the user name; no mention of the
domain around the same place.
Hmm. A relevant data structure does have separate fields "uUser" and "uDomain"
-
and the server-side code doesn't use it. The client-side code does.
OK, this has likely never worked. For now, you're out of luck with SPA.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/