Sendmail, saslauthd, AUTH DIGEST-MD5 and /etc/shadow ?
Charles Bradshaw
brad at gx110.bradcan.homelinux.com
Sat Jan 12 06:16:44 EST 2013
Following Sebastians reply I'm more confused than ever.
The way I read the manual (here:
http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html) to use sasldb I have
to change pwcheck_method=shadow to pwcheck_method=auxprop in
/usr/lib/sasl2/Sendmail.conf
Is that correct?
If so, then presumably I have to change MECH=shadow in
/etc/sysconfig/saslauthd, but what to ?
"saslauthd -v" returns: authentication mechanisms: getpwent kerberos5 pam
rimap shadow ldap httpform.
There is no mention of sasldb in the above return. The installed default was
MECH=pam, which I changed to get where I am.
I need to get DIGEST-MD5 working while keeping PLAIN which already works:
Assuming Sebstians assertion is correct, can I just duplicate authorization
and/or authentication data in sasldb2 ?
If I have to change pwcheck_method (as above) what about the MECH parameter in
/etc/sysconfig/saslauthd ?
Can I just specify MECH=pam ?
Thanks for your patience.
> Previous reply:
>
>Sebastian, thanks for the prompt reply.
>
>What do you mean 'original', the password for realuser or smmsp or both ?
>
>> Re: Sendmail, saslauthd, AUTH DIGEST-MD5 and /etc/shadow ?
>>
>> You'll have to use sasldb if you want to use DIGEST-MD5. Challenge-response
>> only works when both sides know the original password.
>
>Charles Bradshaw
More information about the Cyrus-sasl
mailing list