Matthias Fechner wrote:
> Hi,
>
> I tried to get smtp-auth against the pass working but it does not
> work. I must add users with saslpasswd2 to the sasldb but I want to
> auth my smtp users with their "normal" password without the need to
> add them to an additional db.
>
> What I did is:
> Installed sasl2authd from the ports.
>
> /etc/make.conf:
> # Add SMTP AUTH support to Sendmail
> SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
> SENDMAIL_LDFLAGS+= -L/usr/local/lib
> SENDMAIL_LDADD+= -lsasl2
> # Enable smtps for sendmail
> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
> SENDMAIL_MILTER_IN_BASE=yes
> And recompiled sendmail in base.
>
> Edit /usr/local/lib/sasl2/Sendmail.conf:
> pwcheck_method: saslauthd
>
> Enabled saslauth in rc.conf and start it:
> saslauthd_enable="yes"
> saslauthd_flags="-a getpwent"
>
> Edited my .mc file:
> dnl Enable smtp-auth
> FEATURE(`authinfo')
> define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
> define(`confAUTH_MECHANISMS',`LOGIN GSSAPI DIGEST-MD5 CRAM-MD5')dnl
> define(`confRUN_AS_USER',`root:mail')dnl
>
> But it seems to me that sendmail isn't using saslauth, instead it uses
> directly the sasldb, so all things I configured in sasl2authd are useless.
>
> Has someone smtp-auth with sendmail against passwd running?
>

Hmm, I used the sendmail from ports, due to laziness and (at the time wasn't too familiar with FreeBSD's /etc/make.conf) but your config looks ok. Also I use 6.x and at one point was using nss_ldap, so I use PAM, which has the same effect as you are intending; it might be worth your while trying that too.

.mc file

define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')

Because of this (the plain bit) I also enabled ssl (self signed, but who cares here. It's just so the passwords don't go in cleartext)

dnl ### do STARTTLS
define(`confCACERT_PATH', `/usr/local/certs')dnl
define(`confCACERT', `/usr/local/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/usr/local/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/usr/local/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/usr/local/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/usr/local/certs/sendmail.pem')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl

The sasl side:

[EMAIL PROTECTED] (10:50:35 <~>) 0 # cat /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd

/etc/rc.conf

#sasl auth for sendmail etc
saslauthd_enable="YES"

This allows sasl2authd to use the default flags of -a pam

I also have the following file in /etc/pam.d/

[EMAIL PROTECTED] (10:54:55 <~>) 0 # more /etc/pam.d/sendmail
# auth
#auth required pam_nologin.so no_warn
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
#auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
account required pam_unix.so
session required pam_unix.so

(excuse linewrap)

This works fine for me.

Good luck
Vince

> Best regards,
> Matthias
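
An added example, not code from either poster: a small audit of the AUTH line in an EHLO reply, tied to the two points in this thread (which mechanisms saslauthd can actually verify, and which ones expose the password without TLS). The function names, hostnames and sample replies are constructed for illustration; the backend classification assumes Cyrus SASL, where saslauthd checks plaintext passwords only and shared-secret mechanisms are verified from an auxprop store such as sasldb.

```python
# Added example: sample EHLO replies below are constructed, not captured from a real server.
import re

# Mechanisms that hand the server the plaintext password, so saslauthd
# (pwcheck_method: saslauthd) can check it against passwd/PAM.
PLAINTEXT = {"PLAIN", "LOGIN"}
# Shared-secret mechanisms: Cyrus SASL needs the secret from an auxprop
# store such as sasldb; saslauthd cannot verify them.
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5"}


def auth_mechanisms(ehlo_reply):
    """Return the set of mechanisms on the 250 AUTH line(s) of an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.IGNORECASE)
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs


def audit(ehlo_reply, tls_active):
    """List findings for one EHLO reply; tls_active says whether TLS was up."""
    findings = []
    for mech in sorted(auth_mechanisms(ehlo_reply)):
        if mech in SHARED_SECRET:
            findings.append(f"{mech}: verified from sasldb/auxprop, not saslauthd")
        elif mech in PLAINTEXT and not tls_active:
            findings.append(f"{mech}: password crosses the wire unencrypted")
    return findings


# Constructed replies: port 25 before STARTTLS, and the TLS-wrapped listener.
CLEAR_25 = """250-mail.example.org Hello client.example.org
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP"""
TLS_465 = """250-mail.example.org Hello client.example.org
250-AUTH LOGIN PLAIN
250 HELP"""

if __name__ == "__main__":
    for name, reply, tls in (("25/clear", CLEAR_25, False), ("465/tls", TLS_465, True)):
        print(name, audit(reply, tls) or "ok")
```

On sendmail, the `p` flag in `confAUTH_OPTIONS` withholds PLAIN and LOGIN until a security layer is active, which clears the cleartext findings on the non-TLS listener.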