saslauthd, sendmail, and AUTH
Eric Ewanco
eje at ewanco.com
Wed Jul 12 21:05:54 EDT 2006
Thanks for the detailed response, Alexander.
Alexander Dalloz wrote:
>
>> /usr/lib/sasl2/Sendmail.conf says:
>>
>> #pwcheck_method: saslauthd
>> pwcheck_method: shadow
>> mech_list: PLAIN CRAM-MD5 DIGEST-MD5
>
> 2 faults: a) with SASLv2 you can't use pwcheck_method shadow! It has
> either to be saslauthd or auxprop. b) using saslauthd you can't use
> shared secret mechs (CRAM-MD5 / DIGEST-MD5).
Thanks, I fixed these, although it didn't help.
>
>>
>> I tried running saslauthd in debug mode but it printed out nothing
>> when I invoked Sendmail.
>>
>> sendmail.mc contains:
>> define(`confAUTH_MECHANISMS',`LOGIN PLAIN DIGEST-MD5')
>> define(`confAUTH_OPTIONS',`y,p,a')
>
> You know what these parameters mean? If not please see in Sendmail's
> op.me doc file. You specify "y" which means that LOGIN and PLAIN will
> only be offered when a trusted connection is established: STARTTLS or
> SMTPS. As said before, offering DIGEST-MD5 is useless if you run (or
> need to run) saslauthd, because your auth credentials are stored in
> the shadow file.
Good point (though as it turns out the option in question is p, not y).
Unfortunately I am having a problem with the op.me file. It crashes my
Ghostscript, and when I do a text search for AUTH_OPTIONS (or even just
OPTIONS), in either the nroff output or the nroff source, I come up empty.
>
>> TRUST_AUTH_MECH(`LOGIN DIGEST-MD5 PLAIN')
>
> Your mech list in sendmail.mc does not match the list in
> Sendmail.conf, that is not good. Here because Sendmail now offers
> LOGIN while the SASL setup by Sendmail.conf does not list LOGIN as a
> possible mech. An attempt to use LOGIN will fail.
Ah, ok. Fixed (still fails). Now all three of the mechanism lists say
LOGIN PLAIN.
BUT -- I changed the "a" to "A" and it works now! I can relay
messages! Wonderful! Thanks so much for your help.
--
# __ __ Eric Ewanco
# IC | XC eje at ewanco.com
# ---+--- http://www.ewanco.com/~eje
# NI | KA Shrewsbury, MA; USA
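
Added example, not part of the original post: a small Python check for the three problems raised in this thread (pwcheck_method shadow under SASLv2, shared-secret mechanisms combined with saslauthd, and mechanism lists that differ between Sendmail.conf and sendmail.mc). The function names are hypothetical; the sample settings are the ones quoted in the post before any fixes.

```python
import re

SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5"}  # need the stored secret, not a password check

# Settings as quoted in the post, before any fixes
POSTED_CONF = """#pwcheck_method: saslauthd
pwcheck_method: shadow
mech_list: PLAIN CRAM-MD5 DIGEST-MD5
"""
POSTED_MC = """define(`confAUTH_MECHANISMS',`LOGIN PLAIN DIGEST-MD5')
define(`confAUTH_OPTIONS',`y,p,a')
TRUST_AUTH_MECH(`LOGIN DIGEST-MD5 PLAIN')
"""

def parse_sasl_conf(text):
    """Return {key: value} from a Sendmail.conf body, skipping '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            conf[key.strip()] = value.strip()
    return conf

def parse_mc(text):
    """Return {macro: set of mechanisms} for the two mechanism lists in sendmail.mc."""
    patterns = {"confAUTH_MECHANISMS": r"define\(`confAUTH_MECHANISMS',\s*`([^']*)'\)",
                "TRUST_AUTH_MECH": r"TRUST_AUTH_MECH\(`([^']*)'\)"}
    hits = {name: re.search(rx, text) for name, rx in patterns.items()}
    return {name: set(m.group(1).split()) for name, m in hits.items() if m}

def audit(conf_text, mc_text):
    """Return a list of findings; an empty list means the three lists agree."""
    conf, lists = parse_sasl_conf(conf_text), parse_mc(mc_text)
    method = conf.get("pwcheck_method", "")
    lists["mech_list"] = set(conf.get("mech_list", "").split())
    findings = []
    if method == "shadow":
        findings.append("pwcheck_method shadow: SASLv2 needs saslauthd or auxprop")
    for name in sorted(lists):
        bad = sorted(lists[name] & SHARED_SECRET)
        if method == "saslauthd" and bad:
            findings.append(f"{name}: {' '.join(bad)} cannot be verified by saslauthd")
        diff = sorted(lists[name] ^ lists["mech_list"])
        if diff:
            findings.append(f"{name} disagrees with mech_list on: {' '.join(diff)}")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED_CONF, POSTED_MC):
        print(finding)
```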