Critical Update: SMTP AUTH -> NetInfo
After further testing, I've discovered that I made an error in my earlier testing. The SMTP AUTH still works, but not quite as well as we might have hoped.
Apparently, the "pwdcheck_method: pam" statement in my /usr/lib/sasl2/Sendmail.conf is incorrect. The actual keyword should be "pwcheck_method", which doesn't work with just a "pam" argument as far as I can see; however, the statement "pwcheck_method: saslauthd -a pam" works, assuming you've set up /var/state/saslauthd. What happened is that without the correct statement in the file, SASL apparently defaults back to the "sasldb" authentication method, unfortunately without any external evidence of the fact. I had created the sasldb2.db file earlier to test that functionality, but I didn't delete it, so that mechanism was still being used in my testing, unbeknownst to me at the time...
Well, the bottom line is that "sasldb" works for MD5, PLAIN, and LOGIN, but the problem with "saslauthd", as documented (somewhat) at the SASL web site, is that "saslauthd -a pam" does not work for anything besides PLAIN. It will, however, work with PLAIN to authenticate to the NetInfo database via PAM.
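
Because a misspelled keyword is ignored silently, it helps to lint the file before trusting a test result. The following is an added example, not part of the original post or of Cyrus SASL: a small Python check that flags unrecognized option names and shared-secret mechanisms offered alongside saslauthd. The function name, the option subset and the sample input are assumptions made for illustration.

```python
import difflib

# Option names that exist in Cyrus SASL 2; a deliberately small subset
# (assumption: extend it for the plugins you actually use).
KNOWN_OPTIONS = {
    "pwcheck_method", "mech_list", "auxprop_plugin",
    "saslauthd_path", "sasldb_path", "log_level",
}
# Shared-secret mechanisms need the stored password, which saslauthd cannot supply.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}


def lint_sasl_conf(text):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings, options = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep:
            findings.append((lineno, "not a 'key: value' line"))
        elif key not in KNOWN_OPTIONS:
            msg = f"unknown option '{key}'"
            hint = difflib.get_close_matches(key, sorted(KNOWN_OPTIONS), n=1)
            if hint:
                msg += f", did you mean '{hint[0]}'?"
            findings.append((lineno, msg))
        else:
            options[key] = (lineno, value.split())
    if "pwcheck_method" not in options:
        # The situation in the post: nothing valid is set, so the default is used.
        findings.append((0, "no pwcheck_method set; the SASL default applies"))
    elif "saslauthd" in options["pwcheck_method"][1] and "mech_list" in options:
        lineno, mechs = options["mech_list"]
        bad = sorted(m.upper() for m in mechs if m.upper() in SHARED_SECRET_MECHS)
        if bad:
            findings.append((lineno, "saslauthd cannot verify: " + ", ".join(bad)))
    return findings


# Constructed sample reproducing the typo described in the post.
SAMPLE = "pwdcheck_method: pam\nmech_list: PLAIN LOGIN CRAM-MD5\n"

if __name__ == "__main__":
    for lineno, message in lint_sasl_conf(SAMPLE):
        print(f"line {lineno}: {message}")
```
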
I also discovered along the way that the "testsaslauthd" program compiles OK with GCC 3.3. Using this program, you can verify authentication via saslauthd.
So, unfortunately, this didn't turn out as well as I hoped, but it's still quite useful. Thankfully, maintaining the sasldb2.db file is pretty simple, at least for smaller groups of users. I'll be investigating some of the ideas I saw at the SquirrelMail web site for managing the database via a web page.
Posted: Mon - September 29, 2003 at 06:50