Re: Alternate authentication source in OpenSMTPd

2013-09-25 Thread Daniel Ouellet
I forgot to add that I also checked this one out from the man page too.

If the method of delivery is local, a user database may be
specified to override the system database:

[userbase table]
   Look up users in the table table instead of performing
   system lookups using the getpwnam(3) function.

If that's the way to do so, any example for its proper use?

But unless I don't understand it right, that's for users instead of the
password file on the system, maybe for virtual mailbox and all. I am not
sure I understand its use as there is already virtual and users alias
and all available. Or maybe its use is for limited mailbox as opposed to
for every user in the password file?

Best,

Daniel


On 9/25/13 4:15 AM, Daniel Ouellet wrote:
> Hi,
>
> Is this still true from the man himself:
>
> What is not yet possible is to use alternate authentication sources.
>
> http://marc.info/?l=openbsd-misc&m=129230912814295&w=2
>
> I tried any and every way I could think of without success. I thought that
> maybe there was a way to do so using some kind of variation of this
> from the man page:
>
> accept from any for any relay via smtps+auth://label@localhost auth
> secrets
>
> and use the makemap to add users in it, but if there is a way, I can't
> figure it out for the love of me and if it is actually available, I
> would very much appreciate a clue stick!
>
> So, is this correct to assume the option to do so is still not available
> yet? Not a huge deal, I just would like to know so that I stop beating
> myself trying to get it to work.




Re: Alternate authentication source in OpenSMTPd

2013-09-25 Thread Gilles Chehade
On Wed, Sep 25, 2013 at 04:15:01AM -0400, Daniel Ouellet wrote:
> Hi,

Hi,

> Is this still true from the man himself:
>
> What is not yet possible is to use alternate authentication sources.
>
> http://marc.info/?l=openbsd-misc&m=129230912814295&w=2

It's officially still true, unofficially you can do it on recent
versions by declaring a table (I'll use a static table for the example
but you can use a file, db, sqlite or ldap one):

$ encrypt
mypassword
$2a$06$BTOM8Ck.HEInGF888KbjiORoXSOFT.McbLZIS85gMSmHTPA5Tds2S
$

smtpd.conf:

   table mycreds { gilles = gilles:$2a$06$BTO[...]PA5Tds2S }
   listen on [...] auth mycreds

and now, user 'gilles' can authenticate with password 'mypassword'

The feature has now stabilized, is documented and will be officially
supported in the next stable release we do shortly after OpenBSD 5.4


> I tried any and every way I could think of without success. I thought that
> maybe there was a way to do so using some kind of variation of this
> from the man page:
>
> accept from any for any relay via smtps+auth://label@localhost auth
> secrets


You won't have success with that because relaying auth and incoming auth
are completely unrelated, you're only adding one indirection to the
same issue.

However you successfully turned your setup into an open relay with:

   from any for any


> So, is this correct to assume the option to do so is still not available
> yet? Not a huge deal, I just would like to know so that I stop beating
> myself trying to get it to work.


summary:

For OpenSMTPD versions earlier than 5.3.3, it's correct to assume that.
For OpenSMTPD 5.3.3, it's a hidden feature that does work.
For next stable OpenSMTPD release, it'll no longer be hidden ;-)


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg
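
The `from any for any` warning in the message above can be checked mechanically. This is an added example, not code from the thread or from OpenSMTPD: it scans configuration text in the `accept ... relay` rule syntax quoted above and reports rules that relay from any source to any destination. The function names and the sample configuration are constructed for illustration, and it assumes an omitted `from` or `for` clause means `local`.

```python
import shlex

# Constructed sample; the rule on lines 3-4 is the one quoted in the thread.
SAMPLE_CONF = """\
# local sessions may relay anywhere
accept for any relay
accept from any for any relay via smtps+auth://label@localhost \\
    auth secrets
accept from any for domain example.org deliver to mbox
accept from local for any relay
"""

def logical_lines(text):
    """Yield (first_line_number, text), joining backslash continuations."""
    buf, start = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        start = number if start is None else start
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(stripped)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # input ended on a continuation line
        yield start, " ".join(buf)

def clause(tokens, keyword, default):
    """Return the word after `keyword`, or `default` if the clause is absent."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return default

def find_open_relays(text):
    """Return [(line_number, rule)] for rules relaying from any to any."""
    findings = []
    for number, line in logical_lines(text):
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if not tokens or tokens[0] != "accept" or "relay" not in tokens:
            continue
        # Assumption: an omitted "from" or "for" clause defaults to "local".
        source = clause(tokens, "from", "local")
        destination = clause(tokens, "for", "local")
        if source == "any" and destination == "any":
            findings.append((number, " ".join(tokens)))
    return findings

if __name__ == "__main__":
    for number, rule in find_open_relays(SAMPLE_CONF):
        print(f"line {number}: open relay rule: {rule}")
```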



Re: Alternate authentication source in OpenSMTPd

2013-09-25 Thread Craig R. Skinner
On 2013-09-25 Wed 11:39 AM |, Gilles Chehade wrote:
 
> It's officially still true, unofficially you can do it on recent
> versions by declaring a table (I'll use a static table for the example
> but you can use a file, db, sqlite or ldap one):
>
> $ encrypt
> mypassword
> $2a$06$BTOM8Ck.HEInGF888KbjiORoXSOFT.McbLZIS85gMSmHTPA5Tds2S
> $
>
> smtpd.conf:
>
>    table mycreds { gilles = gilles:$2a$06$BTO[...]PA5Tds2S }
>    listen on [...] auth mycreds
>
> and now, user 'gilles' can authenticate with password 'mypassword'
 

Is this possible without TLS/SSL, Gilles?

i.e., via CRAM-MD5 or DIGEST-MD5

Such as:
$ telnet localhost submission
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 teak.britvault.co.uk ESMTP Postfix
ehlo localhost
250-teak.britvault.co.uk
250-PIPELINING
250-SIZE 10485760
250-ETRN
250-AUTH CRAM-MD5
250-XVERP
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Regards,
-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7



Re: Alternate authentication source in OpenSMTPd

2013-09-25 Thread Gilles Chehade
On Wed, Sep 25, 2013 at 01:03:45PM +0100, Craig R. Skinner wrote:
> On 2013-09-25 Wed 11:39 AM |, Gilles Chehade wrote:
> >
> > It's officially still true, unofficially you can do it on recent
> > versions by declaring a table (I'll use a static table for the example
> > but you can use a file, db, sqlite or ldap one):
> >
> > $ encrypt
> > mypassword
> > $2a$06$BTOM8Ck.HEInGF888KbjiORoXSOFT.McbLZIS85gMSmHTPA5Tds2S
> > $
> >
> > smtpd.conf:
> >
> >    table mycreds { gilles = gilles:$2a$06$BTO[...]PA5Tds2S }
> >    listen on [...] auth mycreds
> >
> > and now, user 'gilles' can authenticate with password 'mypassword'
> >
>
> Is this possible without TLS/SSL, Gilles?
>
> i.e., via CRAM-MD5 or DIGEST-MD5
 

nope, we only support AUTH PLAIN over a SSL/TLS connection at the moment
and unless someone writes it or I suddenly really need it, there is very
little chance that it's going to be implemented soon.

it's not part of any contributor's todo afaik

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg



Re: Alternate authentication source in OpenSMTPd

2013-09-25 Thread Daniel Ouellet
Thanks Gilles!

I will test, but I sure can also wait for the 5.4 to be out as it is
just around the corner anyway!

Many thanks for the wonderful work!

Daniel

