Nicolas Williams wrote:
> > > Now how do I enable GSSAPI authentication for local users? What should
> > > I put into the /etc/mail/authinfo file so that each local user who has
> > > a Kerberos ticket could authenticate herself to the mailhub?
> > >
> > > The users send mail from mutt, pine etc by calling /usr/sbin/sendmail.
> >
> > Am I asking something extraordinary?
> >
> > fetchmail works fine as GSSAPI client, so there is no more need to
> > store a password in the config for receiving mail. I wish we could do
> > the same for sending.
>
> See:
> http://www.sendmail.org/~ca/email/auth.html
> under "Using sendmail as a client with AUTH."
> It doesn't really address how to use this with Kerberos. It's not clear
> if you just have to give sendmail your Kerberos password (I doubt that
> will work, much less be acceptable), or if sendmail is able to somehow
> find your ccache and tickets.

Moreover, this document does not specify if per user authentication is
at all possible. The tags U, P and others seem to have global
significance because they live in /etc/mail/authinfo.

> My guess: it just doesn't work, at least when sendmail is running in
> queue mode.
> To make it work will require enough changes

I wonder. SASL client is already there.

> that one could be forgiven
> for wondering why mutt et. al. shouldn't just learn how to talk SMTP/
> SUBMIT to the real MSA anyways the way Thunderbird, Evolution and
> all other MUAs do it. Or,

In fact, mutt *can* do this if compiled with --enable-smtp. But the
advantage of calling /usr/sbin/sendmail is its universality. You have
all your MUAs, all your scripts, all your cron jobs call sendmail or
mail. I often redirect output of various programs to mail.

> alternatively, why a standalone, non-queueing (or per-user queue
> daemon) mail submission program isn't the right answer.

Oh, it is. Please name one with Kerberos support, and I shall install
it as /usr/sbin/sendmail.

> Or you might argue that sendmail just needs an option to work as
> described above (no queueing, no privs, or per-user queueing).
> BTW, on Solaris it wouldn't work anyways pending this:
> 6481399 sendmail needs to ship /etc/sasl/Sendmail.conf
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I think it is for server side SASL.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/[EMAIL PROTECTED] http://vas.tomsk.ru/
