From: Alexander Leidinger
Date: Sun, 14 Jul 2002 13:23:55 +0200 (CEST)
Subject: Re: Mail subsystem defaults, adding authentication.
To: bicknell@ufp.org
Cc: freebsd-arch@FreeBSD.ORG
Message-Id: <200207141123.g6EBNuxQ064288@Magelan.Leidinger.net>
In-Reply-To: <20020714014600.GA70961@ussenterprise.ufp.org>

On 13 Jul, Leo Bicknell wrote:

> Tomorrow I'll write up a better summary with this new info. At
> the end of the day it looks like if we add cyrus-sasl, which is
> BSD licensed then the default behavior will be unchanged, but it
> will be possible through a combination of rc.conf options, running
> saslpasswd, and/or running ssl key generation tools to do auth on
> a non-encrypted session using challenge response (against sasl
> passwords), or do auth against the password file (or any PAM method)
> over an ssl session. Thus we could make it as simple as
> 'sendmail_auth="unix"' (or pam, or whatever) for an admin to allow
> end clients to starttls, auth, and securely send e-mail all with
> their existing credential.

It would be nice if it would work like the ssh key stuff. If there's no
credential at boot time: create one.

Bye,
Alexander.

-- 
If Bill Gates had a dime for every time a Windows box crashed...
...Oh, wait a minute, he already does.
http://www.Leidinger.net  Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
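
The suggestion in the reply above (create the credential at boot if none exists, as is done for ssh host keys), shown as an added example that is not part of the original message or of FreeBSD's rc scripts. The function name, file names, directory and certificate parameters are assumptions.

```shell
#!/bin/sh
# Added example: create a TLS key and self-signed certificate only when
# none exists yet, so repeated boots are idempotent.
# Hypothetical names: ensure_mail_cert, host.key, host.cert.
# Assumed usage from a boot script: ensure_mail_cert /etc/mail/certs

ensure_mail_cert() {
    cert_dir=$1
    host=${2:-$(hostname)}
    key="$cert_dir/host.key"
    cert="$cert_dir/host.cert"

    # An existing credential is never regenerated: clients that already
    # trust or pin it must keep seeing the same certificate.
    if [ -s "$key" ] && [ -s "$cert" ]; then
        echo "existing"
        return 0
    fi

    mkdir -p "$cert_dir" || return 1

    # Write to temporary names under a restrictive umask, then rename, so an
    # interrupted boot never leaves a half-written or world-readable key.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$host" \
            -keyout "$key.tmp" -out "$cert.tmp" >/dev/null 2>&1
    ) || { rm -f "$key.tmp" "$cert.tmp"; return 1; }

    mv "$key.tmp" "$key" && mv "$cert.tmp" "$cert" || return 1
    chmod 600 "$key"    # private key: owner only
    chmod 644 "$cert"   # certificate: public
    echo "created"
}
```

A certificate generated this way encrypts the STARTTLS session, but clients cannot verify the server's identity unless they pin it or an admin replaces it with a CA-issued one.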