From: "admin"
To: dirk.meyer@dinoex.sub.org (Dirk Meyer), freebsd-questions@freebsd.org
Date: Wed, 4 Jun 2003 20:22:10 -0800
Message-Id: <20030605041523.M49617@enabled.com>
References: <20030605022228.M16985@enabled.com>
Subject: Re: cyrus-sasl2 setup failing

On Thu, 05 Jun 2003 05:54:45 +0200, Dirk Meyer wrote
> > Sendmail 8.12.9-sasl2 (compiled from /usr/ports/mail/sendmail-sasl)
> > cyrus-sasl-2.1.13 (compiled from /usr/ports/security/cyrus-sasl2-saslauthd)
> >
> > A client is still not able to authenticate via SASL - looks like it is not
> > happy but I am not sure how to fix it. Anybody got a clue what I am doing
> > wrong here?
> >
> > --- from the logs when some attempts to authenticate ----
> > Jun 4 20:09:46 typhoon sm-mta[78399]: AUTH: available mech=NTLM LOGIN PLAIN
> > OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
> >
> > Jun 4 20:09:46 typhoon sm-mta[78399]: h5539jJQ078399: AUTH failure (LOGIN):
> > no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed
> >
> > define(`confAUTH_OPTIONS', `A p y')dnl
> > define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
> > TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
>
> checkpass failed, is the saslauthd started?

Thanks for the quick response. No, what should my saslauthd flags be, since in
the sendmail configuration I am asking for LOGIN PLAIN in my sendmail .mc - is
this correct?

    # default saslauthd flags when none are set
    if [ -z "${sasl_saslauthd_flags}" ]; then
        sasl_saslauthd_flags="-a pam"
    fi

> Do you need the "A" option?
>
> from: /usr/local/share/sendmail/cf/README
> confAUTH_OPTIONS    AuthOptions    [undefined] If this option
>                                    is 'A' then the AUTH=
>                                    parameter for the MAIL FROM
>                                    command is only issued when
>                                    authentication succeeded. [...] See doc/op/op.me for details.
>
> from: /usr/local/share/doc/sendmail/op.txt
> [no short name] List of options for SMTP
> AUTH consisting of single characters with
> intervening white space or commas.
>
>     A   Use the AUTH= parameter for the MAIL FROM
>         command only when authentication succeeded.
>         This can be used as a workaround for broken
>         MTAs that do not implement RFC 2554
>         correctly.
>     a   protection from active (non-dictionary)
>         attacks during authentication exchange.
>     c   require mechanisms which pass client
>         credentials, and allow mechanisms which can
>         pass credentials to do so.
>     d   don't permit mechanisms susceptible to passive
>         dictionary attack.
>     f   require forward secrecy between sessions
>         (breaking one won't help break next).
>     p   don't permit mechanisms susceptible to simple
>         passive attack (e.g., PLAIN, LOGIN), unless a
>         security layer is active.
>     y   don't permit mechanisms that allow anonymous login.
>
> The first option applies to sendmail as a
> client, the others to a server. Example:
>
>     O AuthOptions=p,y
>
> more links:
> http://www.sendmail.org/~gshapiro/
> http://www.sendmail.org/~ca/email/auth.html
> http://www.asp.ogi.edu/people/paja/linux/sendmail/
> http://blue-labs.org/clue/sendmail.php
> http://www.digitalanswers.org/sendmail/
>
> kind regards Dirk
>
> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
> - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]
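
An added example, not part of the original messages: a small Python check that reads the .mc settings and sm-mta log lines quoted in this thread and flags the two conditions discussed, AuthOptions p combined with only PLAIN/LOGIN configured, and the "checkpass failed" error. The sample input is constructed from the quoted lines (host name shortened), and the function names and finding codes are made up for this example.

```python
import re

# Constructed sample input, modelled on the .mc lines and log lines quoted above.
SAMPLE_MC = """define(`confAUTH_OPTIONS', `A p y')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
"""
SAMPLE_LOG = """Jun  4 20:09:46 mx sm-mta[78399]: AUTH: available mech=NTLM LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
Jun  4 20:09:46 mx sm-mta[78399]: h5539jJQ078399: AUTH failure (LOGIN): no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed
"""

# Mechanisms that op.txt names as examples under option p.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def mc_define(mc_text, name):
    """Return the value of define(`name', `value') from m4 source, or ''."""
    m = re.search(r"define\(`" + re.escape(name) + r"',\s*`([^']*)'\)", mc_text)
    return m.group(1) if m else ""


def diagnose(mc_text, log_text):
    """Return a list of (code, detail) findings; the codes are made up for this example."""
    findings = []
    # AuthOptions are single characters separated by white space or commas.
    options = set(re.findall(r"[A-Za-z]", mc_define(mc_text, "confAUTH_OPTIONS")))
    mechs = set(mc_define(mc_text, "confAUTH_MECHANISMS").split())
    if "p" in options and mechs and mechs <= PLAINTEXT_MECHS:
        findings.append(("plaintext-only-with-p",
                         "every configured mechanism needs an active security layer"))
    for line in log_text.splitlines():
        offered = re.search(r"available mech=([^,]*), allowed mech=(.*)$", line)
        if offered:
            # Mechanisms SASL offers that the sendmail configuration does not allow.
            hidden = set(offered.group(1).split()) - set(offered.group(2).split())
            if hidden:
                findings.append(("mechs-filtered", " ".join(sorted(hidden))))
        failed = re.search(r"AUTH failure \((\S+)\): .*checkpass failed", line)
        if failed:
            findings.append(("checkpass-failed",
                             failed.group(1) + ": check that saslauthd is started"))
    return findings


if __name__ == "__main__":
    for code, detail in diagnose(SAMPLE_MC, SAMPLE_LOG):
        print(code + ": " + detail)
```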