lmtpd don't advertise the "EXTERNAL" auth method

Rob Siemborski rjs3 at andrew.cmu.edu
Mon Mar 24 16:08:27 EST 2003


On Mon, 24 Mar 2003, Balazs GAL wrote:

> I use a backported version of debian's (thanks hmh) cyrus21 2.1.11-5
> package.
>
> My problem is that lmtpd doesn't advertise the "EXTERNAL" auth method
> on unix socket (nor on tcp). Because of this, cyrdeliver (deliver)
> can't use the AUTH parameter of the MAIL FROM command (see lmtp_runtxn in
> lmtpengine.c), and because of this, cyrdeliver (-a auth-id option) and the
> mta can't provide the authenticated userid to cyrus. Every post
> runs as "anyone", so our users can't post to the shared folders etc etc.

I'm unclear what the problem is here.  Certainly I don't believe there is
one with LMTPd (though perhaps there is one with cyrdeliver).

Over TCP, you're going to need an external authentication source (e.g. TLS
client cert) before you can advertise EXTERNAL as a SASL auth mech.  On a
unix socket, the connection is assumed to be preauthenticated as an admin,
so you shouldn't need to authenticate at all (i.e. don't let non-admins
write to the unix socket!).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
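
An added example, not part of the original message or of Cyrus itself: a check that the LMTP unix socket, which the reply says is treated as preauthenticated as an admin, is only reachable by the expected accounts. The function name `audit_lmtp_socket`, its parameters, and the default path `/var/imap/socket/lmtp` are assumptions; use the `lmtpsocket` value from your own imapd.conf.

```python
import os
import stat
import sys

def audit_lmtp_socket(path, allowed_uids, allowed_gids, top="/"):
    """Return findings for an LMTP unix socket that accounts outside the
    expected (admin/MTA) set could connect to.

    connect() on a unix socket needs write permission on the socket inode and
    search (x) permission on every directory leading to it. Directories above
    `top` are not examined.
    """
    path, top = os.path.realpath(path), os.path.realpath(top)
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"type: {path} is not a unix socket"]

    # Walk the parent directories and record whether "other" and "group"
    # keep search permission all the way down to the socket.
    other_ok, group_ok = True, True
    d = os.path.dirname(path)
    while True:
        mode = os.stat(d).st_mode
        other_ok = other_ok and bool(mode & stat.S_IXOTH)
        group_ok = group_ok and bool(mode & stat.S_IXGRP)
        parent = os.path.dirname(d)
        if d == top or parent == d:
            break
        d = parent

    findings = []
    if st.st_uid not in allowed_uids:
        findings.append(f"owner: uid {st.st_uid} is not an expected owner")
    if other_ok and st.st_mode & stat.S_IWOTH:
        findings.append("other: any local user can connect and deliver as admin")
    if group_ok and st.st_mode & stat.S_IWGRP and st.st_gid not in allowed_gids:
        findings.append(f"group: gid {st.st_gid} can connect but is not expected")
    return findings

if __name__ == "__main__":
    # Assumed path; check the lmtpsocket setting in your own imapd.conf.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/imap/socket/lmtp"
    try:
        # Assumption: run as the cyrus account, the only expected owner/group.
        for line in audit_lmtp_socket(target, {os.getuid()}, {os.getgid()}):
            print(line)
    except FileNotFoundError:
        print(f"no socket found at {target}")
```

An empty result means neither "other" nor an unexpected group can reach the socket; root can always connect regardless of mode bits.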




