saslauthd, sendmail, and AUTH

Eric Ewanco eje at ewanco.com
Wed Jul 12 21:05:54 EDT 2006 

Thanks for the detailed response, Alexander.

Alexander Dalloz wrote:
>
>> /usr/lib/sasl2/Sendmail.conf says:
>>
>> #pwcheck_method: saslauthd
>> pwcheck_method: shadow
>> mech_list: PLAIN CRAM-MD5 DIGEST-MD5
>
> 2 faults: a) with SASLv2 you can't use pwcheck_method shadow! It has 
> either to be saslauthd or auxprop. b) using saslauthd you can't use 
> shared secret mechs (CRAM-MD5 / DIGEST-MD5).
Thanks, I fixed these, although it didn't help.
>
>>
>> I tried running saslauthd in debug mode but it printed out nothing 
>> when I invoked Sendmail.
>>
>> sendmail.mc contains:
>> define(`confAUTH_MECHANISMS',`LOGIN PLAIN DIGEST-MD5')
>> define(`confAUTH_OPTIONS',`y,p,a')
>
> You know what these parameters mean? If not please see in Sendmail's 
> op.me doc file. You specify "y" which means that LOGIN and PLAIN will 
> only be offered when a trusted connection is established: STARTTLS or 
> SMTPS. As said before, offering DIGEST-MD5 is useless if you run (or 
> need to run) saslauthd, because your auth credentials are stored in 
> the shadow file.
Good point (though as it turns out the option in question is p, not y).  
Unfortunately I am having a problem with the op.me file.  It crashes my 
Ghostscript, and when I do a text search for AUTH_OPTIONS (or even just 
OPTIONS), in either the nroff output or the nroff source, I come up empty. 
>
>> TRUST_AUTH_MECH(`LOGIN DIGEST-MD5 PLAIN')
>
> Your mech list in sendmail.mc does not match the list in 
> Sendmail.conf, that is not good. Here because Sendmail now offers 
> LOGIN while the SASL setup by Sendmail.conf does not list LOGIN as a 
> possible mech. An attempt to use LOGIN will fail.
Ah, ok.  Fixed (still fails).  Now all three of the mechanism lists say 
LOGIN PLAIN.

BUT -- I changed the "a" to "A" and it works now!  I can relay 
messages!  Wonderful!  Thanks so much for your help.

-- 
# __   __                    Eric Ewanco 
# IC | XC                   eje at ewanco.com
# ---+---            http://www.ewanco.com/~eje
# NI | KA                Shrewsbury, MA; USA

More information about the Cyrus-sasl mailing list