Subject: Plaintext password authentication for sendmail and cyrus SASL2?
To: None <netbsd-users@netbsd.org>
From: Gilles Gravier <Gilles@Gravier.org>
List: netbsd-users
Date: 05/10/2005 12:26:52

Hi!

OK... so we've lost Cyrus SASL v1... and have to switch to SASLv2. I 
understand that this is for security reasons and can adhere to that. My 
issue is that last time I tried to get plaintext auth working with 
SASLv2, I spent a whole weekend on it and never managed to get it to work.

I'm currently configuring my sendmail with (in my *.mc file):

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

And, in my /etc/mk.conf file:

PKG_OPTIONS.sendmail=starttls sasl

Then I have in /usr/pkg/lib/sasl/Sendmail.conf:

pwcheck_method: passwd

This works fine with Cyrus SASLv1.

I understand that I have to install cyrus-sasl2 as well as 
cyrus-saslauthd ... but beyond that, all my attempts have failed at 
getting plaintext passwords recognised. Oh... I don't consider plaintext 
passwords a security risk as I force use of TLS (see the mk.conf file).

Has anyone actually done this? Documented it with a step-by-step guide? :)

Thanks in advance for any help,
Gilles.
-- 
Gilles Gravier = Gilles@Gravier.org = http://www.gravier.org/
ICQ: 77488526 || MSN Messenger: Gilles@Gravier.org || Skype: ggravier || Y!: ggravier || AOL: gillesgravier
PGP Key ID: 0x8DE6D026 <http://pgp.mit.edu:11371/pks/lookup?search=0x8DE6D026&op=index>
"Chastity is its own punishment." (Solomon Short) [David Gerrold]
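
Added example, not part of the original message: a small check for the setup described above, where LOGIN and PLAIN are meant to be usable only under TLS. It parses the server's EHLO reply before and after STARTTLS and reports whether the cleartext mechanisms are advertised on the unencrypted session. The function names and the sample replies (host mail.example.org) are constructed for illustration.

```python
# Added example: audit SMTP EHLO replies for cleartext AUTH exposure.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(response):
    """Return (set of AUTH mechanisms, STARTTLS offered?) from a raw EHLO reply."""
    mechs, starttls = set(), False
    for line in response.splitlines():
        # Reply lines are "250-KEYWORD params" (more follow) or "250 KEYWORD" (last).
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue
        # Older servers also advertise the legacy "AUTH=PLAIN LOGIN" form.
        words = line[4:].replace("=", " ").split()
        if not words:
            continue
        keyword = words[0].upper()
        if keyword == "STARTTLS":
            starttls = True
        elif keyword == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return mechs, starttls

def audit(pre_tls, post_tls):
    """Compare the EHLO reply before STARTTLS with the one after the handshake."""
    pre_mechs, pre_starttls = parse_ehlo(pre_tls)
    post_mechs, _ = parse_ehlo(post_tls)
    findings = []
    exposed = sorted(pre_mechs & PLAINTEXT_MECHS)
    if exposed:
        findings.append("cleartext AUTH offered before TLS: " + " ".join(exposed))
    if not pre_starttls:
        findings.append("STARTTLS not offered")
    if not post_mechs & PLAINTEXT_MECHS:
        findings.append("PLAIN/LOGIN not offered after TLS")
    return findings

# Constructed sample replies (not captured from a real server).
WEAK_PRE = ("250-mail.example.org Hello client\r\n250-STARTTLS\r\n"
            "250-AUTH LOGIN PLAIN\r\n250 HELP\r\n")
GOOD_PRE = "250-mail.example.org Hello client\r\n250-STARTTLS\r\n250 HELP\r\n"
POST_TLS = "250-mail.example.org Hello client\r\n250-AUTH LOGIN PLAIN\r\n250 HELP\r\n"

if __name__ == "__main__":
    for name, pre in (("weak", WEAK_PRE), ("good", GOOD_PRE)):
        print(name, audit(pre, POST_TLS) or "ok")
```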


