Sendmail, saslauthd, AUTH DIGEST-MD5 and /etc/shadow ?

Charles Bradshaw brad at gx110.bradcan.homelinux.com
Fri Jan 11 14:04:31 EST 2013


Hello List

I'm struggling (for many days!) to get sendmail AUTH DIGEST-MD5 to work in
Fedora 17, Linux version 3.6.11-1.fc17.i686.PAE.

I have AUTH PLAIN working, but DIGEST-AUTH refuses. (see Tests: below)

Configuration:
# yum list sendmail cyrus-sasl*
Installed Packages
cyrus-sasl.i686       2.1.23-31.fc17
cyrus-sasl-lib.i686   2.1.23-31.fc17
cyrus-sasl-md5.i686   2.1.23-31.fc17
cyrus-sasl-plain.i686 2.1.23-31.fc17

In /etc/sysconfig/saslauthd containing MECH=shadow and:
# saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform
# ps wax | grep saslauthd
.... /usr/bin/saslauthd -m /run/saslauthd -a shadow
# testsaslauthd -u realuser -p realuserpwd -s smtp
0: OK "Success."

in /etc/mail/sendmail.mc contains:
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 PLAIN')dnl
FEATURE(`authinfo', `hash /etc/authinfo.db')dnl

in /etc/sasl2/Sendmail.conf
pwcheck_method:saslauthd
mech_list:DIGEST-MD5 PLAIN
log_level:5

in /etc/mail/authinfo
AuthInfo:mail......com "U:smmsp" "I:realuser" "P:smmsppwd"

I did "makemap hash authinfo < authinfo" and "chown root:smmsp authinfo.db"

and:
# ls /usr/lib/sasl2/*.so
/usr/lib/sasl2/libanonymous.so  /usr/lib/sasl2/liblogin.so
/usr/lib/sasl2/libcrammd5.so    /usr/lib/sasl2/libplain.so
/usr/lib/sasl2/libdigestmd5.so  /usr/lib/sasl2/libsasldb.so

              ~ o ~

Tests:
# smtptest -v -p 587 -m DIGEST-MD5 -a realuser -u smmsp localhost
...
C: EHLO smtptest
...
C: AUTH DIGEST-MD5
S: 334 bm9uY2U9Ik81Lytn...
Please enter your password:
C: dXNlcm5hbWU9ImJyYWQiLHJ...
S: 535 5.7.0 authentication failed
Authentication failed. generic failure
Security strength factor: 128

and a connection from Evolution gives Error:
"The reported error was "AUTH command failed: authentication failed".

/var/log/maillog says:
AUTH: available mech=PLAIN DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 PLAIN
...
--- 535 5.7.0 authentication failed
AUTH failure (DIGEST-MD5): user not found (-20) SASL(-13): user not found: no
secret in database.

My question is which database is saslauthd looking in?
Or perhaps why is it not using shadow?

Both realuser and smmsp are present in /etc/shadow

I repeat AUTH PLAIN works for both smtptest and Evolution tests but not
DIGEST-MD5.

Have I missed something? Any help would be very much appreciated.




More information about the Cyrus-sasl mailing list