<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
<html>
<!-- Created on September, 10 2009 by texi2html 1.78 -->
<!--
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
Karl Berry <karl@freefriends.org>
Olaf Bachmann <obachman@mathematik.uni-kl.de>
and many others.
Maintained by: Many creative people.
Send bugs and suggestions to <texi2html-bug@nongnu.org>
-->
<head>
<title>Specification of the Exim Mail Transfer Agent: 38. The spa authenticator</title>
<meta name="description" content="Specification of the Exim Mail Transfer Agent: 38. The spa authenticator">
<meta name="keywords" content="Specification of the Exim Mail Transfer Agent: 38. The spa authenticator">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="texi2html 1.78">
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
pre.display {font-family: serif}
pre.format {font-family: serif}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: serif; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: serif; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.roman {font-family:serif; font-weight:normal;}
span.sansserif {font-family:sans-serif; font-weight:normal;}
ul.toc {list-style: none}
-->
</style>
</head>
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
<a name="The-spa-authenticator"></a>
<a name="SEC291"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="spec_37.html#SEC290" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC292" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec_37.html#SEC290" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_39.html#SEC294" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h1 class="chapter"> 38. The spa authenticator </h1>
<p>The <code>spa</code> authenticator provides client support for Microsoft's <em>Secure
Password Authentication</em> mechanism,
which is also sometimes known as NTLM (NT LanMan). The code for client side of
this authenticator was contributed by Marc Prud'hommeaux, and much of it is
taken from the Samba project (<strong><a href="http://www.samba.org">http://www.samba.org</a></strong>). The code for the
server side was subsequently contributed by Tom Kistner. The mechanism works as
follows:
</p>
<ul class="toc">
<li>
After the AUTH command has been accepted, the client sends an SPA
authentication request based on the user name and optional domain.
</li><li>
The server sends back a challenge.
</li><li>
The client builds a challenge response which makes use of the user's password
and sends it to the server, which then accepts or rejects it.
</li></ul>
<p>Encryption is used to protect the password in transit.
</p>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top"><a href="#SEC292">38.1 Using spa as a server</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC293">38.2 Using spa as a client</a></td><td> </td><td align="left" valign="top">
</td></tr>
</table>
<hr size="6">
<a name="Using-spa-as-a-server"></a>
<a name="SEC292"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC291" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC293" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC291" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC291" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_39.html#SEC294" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 38.1 Using spa as a server </h2>
<p>The <code>spa</code> authenticator has just one server option:
</p>
<a name="IDX2456"></a>
<table>
<tr><td>
<p><code>server_password</code></p></td><td><p> Use: <em>spa</em></p></td><td><p> Type: <em>string</em>*<em></em></p></td><td><p> Default: <em>unset</em>
</p></td></tr>
</table>
<a name="IDX2457"></a>
<p>This option is expanded, and the result must be the cleartext password for the
authenticating user, whose name is at this point in <code>$auth1</code>. For
compatibility with previous releases of Exim, the user name is also placed in
<code>$1</code>. However, the use of this variable for this purpose is now deprecated, as
it can lead to confusion in string expansions that also use numeric variables
for other things. For example:
</p>
<table><tr><td> </td><td><pre class="example">spa:
driver = spa
public_name = NTLM
server_password = \
${lookup{$auth1}lsearch{/etc/exim/spa_clearpass}{$value}fail}
</pre></td></tr></table>
<p>If the expansion is forced to fail, authentication fails. Any other expansion
failure causes a temporary error code to be returned.
</p>
<hr size="6">
<a name="Using-spa-as-a-client"></a>
<a name="SEC293"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC292" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="spec_39.html#SEC294" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC291" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC291" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_39.html#SEC294" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 38.2 Using spa as a client </h2>
<p>The <code>spa</code> authenticator has the following client options:
</p>
<a name="IDX2458"></a>
<table>
<tr><td>
<p><code>client_domain</code></p></td><td><p> Use: <em>spa</em></p></td><td><p> Type: <em>string</em>*<em></em></p></td><td><p> Default: <em>unset</em>
</p></td></tr>
</table>
<p>This option specifies an optional domain for the authentication.
</p>
<a name="IDX2459"></a>
<table>
<tr><td>
<p><code>client_password</code></p></td><td><p> Use: <em>spa</em></p></td><td><p> Type: <em>string</em>*<em></em></p></td><td><p> Default: <em>unset</em>
</p></td></tr>
</table>
<p>This option specifies the user's password, and must be set.
</p>
<a name="IDX2460"></a>
<table>
<tr><td>
<p><code>client_username</code></p></td><td><p> Use: <em>spa</em></p></td><td><p> Type: <em>string</em>*<em></em></p></td><td><p> Default: <em>unset</em>
</p></td></tr>
</table>
<p>This option specifies the user name, and must be set. Here is an example of a
configuration of this authenticator for use with the mail servers at
<em>msn.com</em>:
</p>
<table><tr><td> </td><td><pre class="example">msn:
driver = spa
public_name = MSN
client_username = msn/msn_username
client_password = msn_plaintext_password
client_domain = DOMAIN_OR_UNSET
</pre></td></tr></table>
<a name="IDX2461"></a>
<a name="IDX2462"></a>
<hr size="6">
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC291" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="spec_39.html#SEC294" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<p>
<font size="-1">
This document was generated on <i>September, 10 2009</i> using <a href="http://www.nongnu.org/texi2html/"><i>texi2html 1.78</i></a>.
</font>
<br>
</p>
</body>
</html>
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
a4080654d049ad31b216b761b9173c1f
>
files
>
141
