Re: how do I get sendmail SMTP-AUTH to use pam (and not SASL2)?
On 20 Jul 2003 15:42:28 -0700
"Jeff Wiegley, Ph.D." <email@example.com> wrote:
> After two days I've discovered that sendmail is using something
> called sasl (sasl2 actually) to do the authentication and it
> requires something called "realms".
> Well, I don't want this. I want sendmail to use the same
> information present in /etc/passwd and /etc/shadow to do the
> authentication so that I don't have to keep issuing
> saslpasswd commands to add users every time I add a user.
> It just seems silly to try and keep two different authentication
> databases synchronized.
SASL (AKA cyrus-sasl) is a general purpose authentication layer that
allows for a number of different authentication schemes - /etc/passwd,
sasldb, Kerberos 4/5, and others. Think of SASL kind of like PAM, but
at a lower level. I haven't used SASL on Debian, or SMTP-AUTH at all,
but each service that uses SASL should have a config file that specifies
the mechanism. That file may be in /etc, or may be in /usr/lib/sasl2.
In your case, it looks like you're using the "auxprop" mechanism, which
can actually do several things, but defaults to using the sasldb
database. You'll want to switch that to "saslauthd". Then you'll need
to configure saslauthd to read /etc/shadow - saslauthd can be used many
different ways. I'm not sure exactly how to configure that, but I'm
sure the man pages and Google will come through for you.
> sendmail configuration in debian is *very* confusing.
As opposed to what OS where it isn't? You don't use Sendmail if you
just want something quick and easy.
> Could somebody please tell me how I simply configure SMTP-AUTH to
> authenticate using the information present in /etc/passwd and
> /etc/shadow (pam, I guess?) AND I would like it to be a
> persistent change so that if I upgrade the sendmail package or
> rerun update-conf/sendmailconf it doesn't break.
As stated, the issue is with SASL. Get that configured properly, and
the changes will be persistent.