Date:      Fri, 21 Dec 2001 13:48:29 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Leo Bicknell <bicknell@ufp.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: sendmail + auth + ssl + freebsd
Message-ID:  <3C23AE2D.F204D960@mindspring.com>
References:  <20011220022654.GA78232@ussenterprise.ufp.org>

Leo Bicknell wrote:
> If no one else has figured this mess out, I'll do it and write a
> page for the handbook. If someone else has, please clue me in, and
> if necessary I'll still write that handbook page. :-)  It would be
> very nice if it was simple to make FreeBSD sendmail SSL and
> authenticate against the password file.

Authentication is not against the password file.

The normal mechanism for use of SMTP AUTH uses a shared secret
via a SASL challenge/response.  SASL requires that the password
be in clear text, so that the transformation on the host using
the NONCE can be repeated on the client with the shared secret,
without the secret ever going over the wire in cleartext.

The program you are looking for is "saslpasswd".  You will have
to maintain a local "passwd" file, separate from the UNIX passwd
file, for each of your mail clients.

My personal approach was to use an LDAP directory, and limit the
password using precalculation of a partial nonce.

In any case, without the saslpasswd file, you will not be offered
the AUTH extension on the SMTP connection (Say "EHLO <domain>",
and it will tell you what it supports or not).

The most commonly deployed method is MD5 digest (this is what
Netscape uses).

-- Terry
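
The challenge/response exchange described in the message above, as an added example that is not part of the original e-mail. It assumes CRAM-MD5 (RFC 2195) as the concrete mechanism; the user name, host name, passwords and store layouts are constructed, and SHA-256 stands in for the one-way hash a UNIX password file would hold.

```python
import base64
import hashlib
import hmac
import secrets
import time


def make_challenge(host: str) -> bytes:
    """Server: fresh nonce in RFC 2195 msg-id form, sent base64-encoded."""
    nonce = f"<{secrets.randbits(32)}.{int(time.time())}@{host}>"
    return base64.b64encode(nonce.encode())


def client_response(user: str, secret: bytes, challenge_b64: bytes) -> bytes:
    """Client: keyed MD5 over the nonce; the secret itself is never sent."""
    nonce = base64.b64decode(challenge_b64)
    digest = hmac.new(secret, nonce, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(store: dict, challenge_b64: bytes, response_b64: bytes) -> bool:
    """Server: repeat the transformation with its stored copy of the secret."""
    try:
        user, digest = base64.b64decode(response_b64).decode().rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no "user digest" pair
        return False
    secret = store.get(user)
    if secret is None:
        return False
    nonce = base64.b64decode(challenge_b64)
    expected = hmac.new(secret, nonce, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


# Constructed sample stores: one holds the shared secret itself (what a
# saslpasswd-style file provides), the other only a one-way hash of it.
SASL_STORE = {"leo": b"correct horse"}
HASH_STORE = {"leo": hashlib.sha256(b"correct horse").hexdigest().encode()}


def demo():
    challenge = make_challenge("mail.example.org")
    response = client_response("leo", b"correct horse", challenge)
    ok_with_secret = server_verify(SASL_STORE, challenge, response)
    ok_with_hash = server_verify(HASH_STORE, challenge, response)
    # The same response presented against a new nonce must be rejected.
    replayed = server_verify(SASL_STORE, make_challenge("mail.example.org"), response)
    return ok_with_secret, ok_with_hash, replayed
```

The server holding only a one-way hash cannot recompute the client's digest, which is why a separate secret store is needed for this class of mechanism.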
