Sendmail [was OpenSSL]

James Kosin jkosin at beta.intcomgrp.com
Thu Jul 15 20:45:53 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alexander Dalloz wrote:

<<--snip-->>

|
|
| Maybe a little misunderstanding: the default entry in Sendmail.conf is
| "pwcheck_method:saslauthd". Then the saslauthd must be running (service
| saslauthd status). The saslauthd is by default configured to auth
| against the shadow file. If you want to change that you will have to
| create a file /etc/sysconfig/saslauthd with content i.e. "MECH=pam",
| this will override the setting in the init script.

There is a file /etc/sysconfig/saslauthd that I did not create.  It
contains the following:
# To read about how postfix uses saslauthd read this:
# /usr/share/doc/postfix-*/README-Postfix-SASL-RedHat.txt
#
# To see a list of authentication mechanisms supported by saslauthd execute this command
# /usr/sbin/saslauthd -v
#
# Default to pam
MECH=pam

Maybe this is another postfix change....  When I installed FC1, I
usually install everything.  It saves having to find something when I
need it.

Should I set the entry in Sendmail.conf to pwcheck_method:saslauthd,
then change the /etc/sysconfig/saslauthd to use shadow?  Maybe I'm a
little confused about how this is supposed to work properly.....

<<--snip-->>

|
| I don't know what you did, but it sounds not proper. The cacert is
| something very different than the client certificates as ipop3d.pem.
| Maybe should post you a brief description of the necessary steps.
|

The ipop3d.pem is needed for the server to authenticate with the client
when connecting.  The client then imports this certificate into its
database of accepted certs.  The ipop3d.pem is a server cert that
identifies (in my case the server: beta.support.intcomgrp.com on IP
192.168.10.20).

<<--snip-->>

| One last note: The default setting in sendmail.mc is not to force
| STARTTLS being active for PLAIN and LOGIN AUTH. If you did not already
| change that, then change that to allow LOGIN and PLAIN only after
| STARTTLS has been done:
|
| define(`confAUTH_OPTIONS', `A p')dnl
|
| Else it matters how the user configured his client, if he did activate
| SSL/TLS in his mail client. And you know, never trust the user.

Already done...  although I've even seen one setup on the web that
suggests `A p y'.

<<--snip-->>

Thanks,
James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA9u0Bc7lFLjBWKW0RAnU5AKCSl4IBBrSwgt+lgAMg0mL8qFmOGgCfd94B
jZBbx2NrJnUkLxexDt83wyg=
=+5zx
-----END PGP SIGNATURE-----
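
Added example (not part of the original message, and not code from sendmail or cyrus-sasl): a small Python check of the three settings discussed in this thread, reporting whether PLAIN/LOGIN can be offered before STARTTLS and which backend saslauthd would use. The file contents are constructed samples, the function names are hypothetical, and the "shadow" default for MECH is taken from the description quoted above.

```python
import re

# Constructed sample inputs mirroring the settings quoted in this thread.
SENDMAIL_MC = "define(`confAUTH_OPTIONS', `A p')dnl\n"
SENDMAIL_CONF = "pwcheck_method:saslauthd\n"
SYSCONFIG_SASLAUTHD = "# Default to pam\nMECH=pam\n"

def auth_options(mc_text):
    """Return the confAUTH_OPTIONS flags; lines commented out with dnl are ignored."""
    flags = set()
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue
        m = re.search(r"define\(\s*`confAUTH_OPTIONS'\s*,\s*`([^']*)'\s*\)", line)
        if m:  # a later define overrides an earlier one
            flags = set(re.split(r"[\s,]+", m.group(1).strip())) - {""}
    return flags

def key_value(text, sep):
    """Parse 'key<sep>value' lines, skipping blank lines and # comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            out[key.strip()] = value.strip()
    return out

def audit(mc_text, sasl_conf, sysconfig):
    """Hypothetical helper: cross-check sendmail.mc, Sendmail.conf and sysconfig."""
    findings = []
    flags = auth_options(mc_text)
    if "p" not in flags:
        findings.append("confAUTH_OPTIONS lacks 'p': PLAIN/LOGIN allowed before STARTTLS")
    method = key_value(sasl_conf, ":").get("pwcheck_method")
    # Assumption from the thread: saslauthd uses shadow unless MECH overrides it.
    mech = key_value(sysconfig, "=").get("MECH", "shadow")
    backend = mech if method == "saslauthd" else None
    if backend is None:
        findings.append(f"pwcheck_method is {method!r}: saslauthd MECH={mech} is unused")
    return {"flags": flags, "backend": backend, "findings": findings}

if __name__ == "__main__":
    print(audit(SENDMAIL_MC, SENDMAIL_CONF, SYSCONFIG_SASLAUTHD))
```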




