Subject: Re: Sendmail SMTP auth w/ SASL2
To: Chris Ross <firstname.lastname@example.org>
From: Adrian Portelli <email@example.com>
Date: 11/17/2004 15:57:39
Sorry, I should probably explain myself a little better:
When you do an "EHLO foo.bar" the server should respond with the auth
mechanisims it supports e.g. PLAIN, LOGIN etc
% telnet localhost 25
Connected to localhost
Escape character is '^]'.
220 local.sendmail.ORG ESMTP Sendmail 8.10.0/8.10.0; Thu, 9 Sep 1999
10:48:44 -0700 (PDT)
250-local.sendmail.ORG Hello localhost [127.0.0.1], pleased to meet you
250-AUTH DIGEST-MD5 CRAM-MD5
Each of the modes supported has a corresponding security/cy2-* package.
So if for example you wanted to allow the PLAIN and LOGIN methods you
would need to install cy2-plain and cy2-login. (Of course this is a "bad
idea" (tm) unless you are implementing TLS as well). This would then
use saslauthd to auth the users against /etc/passwd.
In addition to this there are cf (mc) directives as to what mechanisms
set advertised so I'd check your cf (mc) files as well. Specifically
look for confAUTH_MECHANISMS and I'm pretty sure there are others as well.
So my questions to you should really have been what cy2-* packages do
you have installed and what AUTH mechanisms is sendmail actually
Also have a look at http://www.sendmail.org/~ca/email/auth.html
Chris Ross wrote:
> Hi there. I have a 2.0_RC4 machine that I'm trying to get SMTP
> AUTH working on.
> I've built the pkgsrc sendmail 8.12.11 and replaced the system
> sendmail with it. It seems to work alright, and "AUTH ..." is
> listed in response to EHLO.
> However, when prompted for a password, I give it only to be
> prompted again by my client. The /var/log/authlog on the server
> Nov 17 09:55:08 harmony sm-mta: could not find auxprop plugin,
> was searching for [all]
> Nov 17 09:55:08 harmony sm-mta: OTP: auxprop backend can't store
> I'm not sure why it's trying to use auxprop, nor do I know
> how to have it find it, if that is what I want to do.
> I've installed saslauthd, and it's running (-a getpwent). But,
> I don't think it's being used. I've created a
> which contains only the line:
> pwcheck_method: saslauthd
> Does anyone see anything obvious I've done wrong? Thanks...
> - Chris