GSASL: provide $autnN for scram option expansions
# Exim test configuration 3820
#
# Fixture for the gsasl authenticator tests.  The file carries both server_*
# and client_* settings, and the router below is active only when SERVER is
# not "server", so it appears to serve both ends of a loopback session.
# DIR, PORT_D and TRUSTED are not defined in this file.
# NOTE(review): presumably supplied by the test harness -- confirm.
#
# The literal passwords, the fixed salt and the accept-all conditions below
# are test fixtures and should not be copied into a live configuration.

# Defined empty here; later expansions compare it with the literal "server".
SERVER=

# Shared configuration prefix: tls_conf_prefix when TRUSTED is defined,
# std_conf_prefix otherwise.
.ifdef TRUSTED
.include DIR/aux-var/tls_conf_prefix
.else
.include DIR/aux-var/std_conf_prefix
.endif

primary_hostname = myhost.test.ex
# cert1 is offered only when SERVER is "server"; otherwise the expansion is
# forced to fail.
# NOTE(review): a forced failure is expected to leave the option unset --
# confirm against the Exim specification.
tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}

# ----- Main settings -----

# Inline ACL: every RCPT is accepted with no relay or recipient checks.
# Acceptable on a loopback test listener only; a reachable host needs a real
# recipient/relay ACL here.
acl_smtp_rcpt = accept
# Accepted messages are placed on the queue, not delivered on arrival.
queue_only


begin routers

# The only router.  It hands every address to the "smtp" transport, and its
# condition is the negated test for SERVER being "server", so it does nothing
# in an instance where SERVER is set to "server".
client_r:
  driver =      accept
  condition =   ${if !eq {SERVER}{server}}
  transport =   smtp

begin transports

# Outbound SMTP to a listener on the loopback address, port PORT_D.
smtp:
  driver =              smtp
  hosts =               127.0.0.1
  # Needed because the only host is the local machine.
  allow_localhost
  port =                PORT_D
.ifdef TRUSTED
  # TRUSTED variant: TLS is mandatory for every host, and the peer certificate
  # is verified against cert1 -- the same file the server side is given as
  # tls_certificate, so the server certificate itself is the trust anchor.
  hosts_require_tls =   *
  tls_verify_certificates = DIR/aux-fixed/cert1
  # NOTE(review): this list names no host, so certificate host-name matching
  # looks to be switched off for the test (the target is an IP address and the
  # certificate is pinned above).  Outside a test, keep name checking enabled.
  # Confirm the empty-list semantics against the Exim specification.
  tls_verify_cert_hostnames = :
.endif
  # Authentication is mandatory for every host.  Note that outside the TRUSTED
  # block nothing in this transport requires TLS, so in that variant the
  # credentials are not protected by the transport settings shown here.
  hosts_require_auth =  *

# ----- Authentication -----

begin authenticators

# ANONYMOUS and PLAIN are configured only when TRUSTED is not defined.
.ifndef TRUSTED
# ANONYMOUS: server_condition is the constant "true", so every attempt is
# accepted and $auth1 is recorded as the authenticated id without any check.
# Test fixture only.
sasl1:
  driver =              gsasl
  public_name =         ANONYMOUS
  server_set_id =       $auth1
  server_condition =    true

# PLAIN: the server side compares only $auth3 with the literal "pencil" (the
# value the client side sends as client_password).  $auth1 is not examined,
# so the recorded id is whatever name accompanied that password.
# No server_advertise_condition is set, and this variant's transport does not
# require TLS; a live configuration would restrict PLAIN to encrypted
# sessions (the SCRAM blocks in this file test def:tls_in_cipher for that)
# and check the password per user against a protected store.
sasl2:
  driver =              gsasl
  public_name =         PLAIN
  server_set_id =       $auth1
  server_condition =    ${if eq {$auth3}{pencil}}

  # Client side: used only for recipients whose local part is "plain".
  # Credentials are hard-coded test values.
  client_condition =    ${if eq {plain}{$local_part}}
  client_username =     ph10
  client_password =     pencil
.endif

# SCRAM-SHA-1.  With TRUSTED defined the channel-binding variant
# (SCRAM-SHA-1-PLUS) is offered instead, advertised only when the inbound
# session has a TLS cipher, with channel binding enabled on the server side.
sasl3:
  driver =              gsasl
.ifdef TRUSTED
  public_name =         SCRAM-SHA-1-PLUS
  server_advertise_condition =  ${if def:tls_in_cipher}
  server_channelbinding =       true
.else
  public_name =         SCRAM-SHA-1
.endif

  # will need to give library salt, stored-key, server-key, itercount
  #
  # sigh
  # gsasl takes props: GSASL_SCRAM_ITER, GSASL_SCRAM_SALT.  It _might_ take
  # a GSASL_SCRAM_SALTED_PASSWORD - but that is only documented for client mode.

  # unclear if the salt is given in binary or base64 to the library
  # NOTE(review): the salt string below is the one from the RFC 5802 example
  # exchange, where it is shown in its base64 wire form.  Whether the library
  # wants it encoded is, as stated above, not settled here.
  #
  # Both expansions below depend on $auth1.  For any name other than "ph10"
  # the salt expands to the empty string (the ${if has no else-branch) and the
  # password to the literal "unset_password".  Because server_condition is the
  # constant "true", nothing in this block rejects an unknown user outright;
  # a live configuration would fail the lookup or the condition instead of
  # falling back to a fixed string.  No iteration count is configured here.
  # Plaintext password and fixed salt are test fixtures.
  server_scram_salt =   ${if eq {$auth1}{ph10} {QSXCR+Q6sek8bf92}}
  server_password =     ${if eq {$auth1}{ph10} {pencil}{unset_password}}
  server_condition =    true
  server_set_id =       $auth1

  # Client side: used only for recipients whose local part is "scram_sha_1".
  # Credentials are hard-coded test values.
  client_condition =    ${if eq {scram_sha_1}{$local_part}}
  client_username =     ph10
  client_password =     pencil
.ifdef TRUSTED
  # Channel binding is requested on the client side in the TRUSTED variant,
  # matching server_channelbinding above.
  client_channelbinding = true
.endif

# SCRAM-SHA-256 counterpart of sasl3, present only when the macro
# _HAVE_AUTH_GSASL_SCRAM_SHA_256 is defined.
# NOTE(review): looks like a build-capability macro -- confirm where it is set.
.ifdef _HAVE_AUTH_GSASL_SCRAM_SHA_256
sasl4:
  driver =              gsasl
.ifdef TRUSTED
  # Channel-binding variant, advertised only when the inbound session has a
  # TLS cipher.
  public_name =         SCRAM-SHA-256-PLUS
  server_advertise_condition =  ${if def:tls_in_cipher}
  server_channelbinding =       true
.else
  public_name =         SCRAM-SHA-256
.endif

  # Unlike sasl3, the salt and password are plain literals that do not depend
  # on $auth1, and server_condition is the constant "true": the one fixed
  # password is used whatever user name is presented.  Test fixture only; a
  # live configuration needs per-user secrets and a real condition.
  server_scram_salt =   QSXCR+Q6sek8bf92
  server_password =     pencil
  server_condition =    true
  server_set_id =       $auth1

  # Client side: used only for recipients whose local part is "scram_sha_256".
  # Credentials are hard-coded test values.
  client_condition =    ${if eq {scram_sha_256}{$local_part}}
  client_username =     ph10
  client_password =     pencil
.ifdef TRUSTED
  # Channel binding is requested on the client side in the TRUSTED variant.
  client_channelbinding = true
.endif
.endif


# End