Sendmail, saslauthd, AUTH DIGEST-MD5 and /etc/shadow ?

Charles Bradshaw brad at gx110.bradcan.homelinux.com
Sat Jan 12 06:16:44 EST 2013


Following Sebastians reply I'm more confused than ever.

The way I read the manual (here:
http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html) to use sasldb I have
to change pwcheck_method=shadow to pwcheck_method=auxprop in
/usr/lib/sasl2/Sendmail.conf

Is that correct?

If so, then presumably I have to change MECH=shadow in
/etc/sysconfig/saslauthd, but what to ?
"saslauthd -v" returns: authentication mechanisms: getpwent kerberos5 pam
rimap shadow ldap httpform.

There is no mention of sasldb in the above return. The installed default was
MECH=pam, which I changed to get where I am.

I need to get DIGEST-MD5 working while keeping PLAIN which already works:

Assuming Sebstians assertion is correct, can I just duplicate authorization
and/or authentication data in sasldb2 ?

If I have to change pwcheck_method (as above) what about the MECH parameter in
/etc/sysconfig/saslauthd ?

Can I just specify MECH=pam ?

Thanks for your patience.

> Previous reply:
>
>Sebastian, thanks for the prompt reply.
>
>What do you mean 'original', the password for realuser or smmsp or both ?
>
>> Re: Sendmail, saslauthd, AUTH DIGEST-MD5 and /etc/shadow ?
>>
>> You'll have to use sasldb if you want to use DIGEST-MD5. Challenge-response
>> only works when both sides know the original password.
>
>Charles Bradshaw


More information about the Cyrus-sasl mailing list