# This is an exim code snippet and part of the
# "Debian Exim Secure Authentification Pseudo-HOW-TO"
# (see http://ente.limmat.ch/kb/exim/exim_v3_secure_auth.html)
#
#
# Server side authentication sharing password file with UW-IMAPd
# Default password file: /etc/cram-md5.pwd
#
# Plain-text authentication in this configuration only works on TLS 
# connections, if it is used in unencrypted session, authentication always
# fails. A given username is looked up in /etc/cram-md5.pwd and the extracted
# cleartext password gets matched against the given secret. 
# The password file should have user IDs in the first column and plaintext
# passwords in the second column, separated by a tab. This file serves as a
# password file for exim's cram-md5 authentication mechanism and for UW-IMAPd,
# too. 

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if eq{$tls_cipher}{}\
                            {fail}\
			    {${if eq{$3}\
			            {${lookup{$2}lsearch{/etc/cram-md5.pwd}\
				             {$value}\
                                             fail}\
                                    }\
                              {true}\
			      fail}\
			    }\
                      }
  server_set_id = $1

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = ${if eq{$tls_cipher}{}\
                            {fail}\
                            {${if eq{$2}\
                                    {${lookup{$1}lsearch{/etc/cram-md5.pwd}\
                                             {$value}\
                                             fail}\
                                    }\
                              {true}\
                              fail}\
                            }\
                      }
  server_set_id = $1


# CRAM-MD5 needs passwords in clear text in its password file. 

cramMD5:
    driver=cram_md5
    public_name = CRAM-MD5
    server_secret = ${lookup{$1}lsearch{/etc/cram-md5.pwd}{$value}fail}
    server_set_id = $1