Re: Sendmail [was OpenSSL]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alexander Dalloz wrote:

<<--snip-->>

|
|
| Maybe a little misunderstanding: the default entry in Sendmail.conf is
| "pwcheck_method:saslauthd". Then the saslauthd must be running (service
| saslauthd status). The saslauthd is by default configured to auth
| against the shadow file. If you want to change that you will have to
| create a file /etc/sysconfig/saslauthd with content i.e. "MECH=pam",
| this will override the setting in the init script.

There is a file /etc/sysconfig/saslauthd that I did not create.  It
contains the following:
# To read about how postfix uses saslauthd read this:
# /usr/share/doc/postfix-*/README-Postfix-SASL-RedHat.txt
#
# To see a list of authentication mechanisms supported by saslauthd
execute this command
# /usr/sbin/saslauthd -v
#
# Default to pam
MECH=pam

Maybe this is another postfix change....  When I installed FC1, I
usually install everything.  It saves having to find something when I
need it.

Should I set the entry in Sendmail.conf to pwcheck_method:saslauthd.
Then change the /etc/sysconfig/saslauthd to use shadow?  Maybe, I'm a
little confused how this is suppose to work properly.....

<<--snip-->>

|
| I don't know what you did, but it sounds not proper. The cacert is
| something very different then the client certificates as ipop3d.pem.
| Maybe should post you a brief description of the necessary steps.
|

The ipop3d.pem is needed for the server to authenticate with the client
when connecting.  The client then imports this certificate into its
database of accepted certs.  The ipop3d.pem is a server cert that
identifies (in my case the server: beta.support.intcomgrp.com on IP
192.168.10.20).

<<--snip-->>

| One last note: The default setting in sendmail.mc is not to force
| STARTTLS being active for PLAIN and LOGIN AUTH. If you did not already
| change that, then change that to allow LOGIN and PLAIN only after
| STARTTLS has been done:
|
| define(`confAUTH_OPTIONS', `A p')dnl
|
| Else it matters how the user configured his client, if he did activate
| SSL/TLS in his mail client. And you know, never trust the user.

Already done...  although I've even seen one setup on the web that
suggests `A p y'.

<<--snip-->>

Thanks,
James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA9u0Bc7lFLjBWKW0RAnU5AKCSl4IBBrSwgt+lgAMg0mL8qFmOGgCfd94B
jZBbx2NrJnUkLxexDt83wyg=
=+5zx
-----END PGP SIGNATURE-----



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux