[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sendmail
Subject:    confAUTH_OPTIONS behavior change?
From:       Damian Menscher <menscher+sendmail () uiuc ! edu>
Date:       2004-09-30 22:47:08
Message-ID: 1041010033.~INN-SEAa00150.comp-news () dl ! ac ! uk
[Download RAW message or body]

I'm attempting to set up a mailserver on RHEL3 so users with laptops
can relay through us whether they're at home or at work.  Obviously
security of user passwords is an issue.  RHEL3 uses sendmail 8.12.11.

I enabled STARTTLS and it appears to be working.  But currently the
only AUTH option is GSSAPI, and it's offered with the initial EHLO.
I'm guessing it would be wise to add in the PLAIN/LOGIN options, but
protect them behind TLS.

According to RedHat's sample sendmail.mc, the 'p' option to
confAUTH_OPTIONS disallows plaintext authentication (PLAIN/LOGIN) on
non-TLS links (and presumably allows them after STARTTLS has been
issued).  But I can't find any documentation for this elsewhere.

The first "official" mention I found of the 'p' option was from the
op.ps from sendmail 8.13.0, where it says that option enables
pipelining (and is on by default).  They say the 'c' option requires
security layer for plaintext AUTH.  But that 'c' option isn't found
in any documentation for the version of sendmail I'm running
(8.12.11).  And somehow I don't think I'm going to figure this out
anytime soon by reading the source (I tried).

Similarly, the 'A' parameter is documented by 8.13.0 as "do no offer
AUTH".  But I have that set, and I still see 250-AUTH GSSAPI after
the initial EHLO.

Could someone with a clue give me a hint here?  Did sendmail just
change what their options mean (and screw those who try migrating
their old config files)?  Or am I missing something obvious?

If anyone has recommendations for which AUTH_MECHANISMS I should be
sure to have working, I'd appreciate that also.

Damian Menscher
-- 
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <menscher@uiuc.edu> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-


[prev in list] [next in list] [prev in thread] [next in thread]