Re: easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?

To: debian-security@lists.debian.org
Subject: Re: easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?
From: Mark Ferlatte <ferlatte@cryptio.net>
Date: Mon, 29 Sep 2003 10:36:31 -0700
Message-id: <[🔎] 20030929173631.GB65049@radix.cryptio.net>
Mail-followup-to: Mark Ferlatte <ferlatte@cryptio.net>, debian-security@lists.debian.org
In-reply-to: <[🔎] D%Pdb.12318$Ak3.4988@twister.socal.rr.com>
References: <[🔎] D%Pdb.12318$Ak3.4988@twister.socal.rr.com>

Jeff Wiegley said on Mon, Sep 29, 2003 at 06:08:35AM +0000:
> What is the easiest method (preferrably one that doesn't require sasl)
> to get AUTH setup so that:
>   1) non-STARTTLS connections do NOT offer PLAIN or LOGIN, and
>   2) STARTTLS connections do honor PLAIN or LOGIN?
> 
> I'm 100% against sasl in general just for the simple fact that the
> developers have chosen to store passwords and user credentials in
> PLAINTEXT in a file on the filesystem. (add to that the need to
> maintain and synchronize two different databases or username/password
> information.)

Uh, SMTP AUTH is based on SASL (SASL is a protocol and a library).  So, you
need sasl to do what you want.

http://www.technoids.org/wwstarttls.html appears to have the info you want,
specifically:

dnl # Offer SMTP AUTH only after encryption (STARTTLS) has been negotiated
define(`confAUTH_OPTIONS',`p,y')dnl

M

Attachment: pgpiKAUF4tjgI.pgp
Description: PGP signature

Reply to:

References:
- easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?
  - From: Jeff Wiegley <jeffw@cyte.com>

Prev by Date: Re: Versign has hijacked www.xmms.org
Next by Date: Re: new open udp port with bind 9.2.3rc
Previous by thread: Re: easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?
Next by thread: Re: easiest way to configure STARTTLS and PAM/AUTH on debian sendmail?
Index(es):
- Date
- Thread