Date:      Sat, 13 Jul 2002 21:46:00 -0400
From:      Leo Bicknell <bicknell@ufp.org>
To:        freebsd-arch@FreeBSD.ORG
Subject:   Re: Mail subsystem defaults, adding authentication.
Message-ID:  <20020714014600.GA70961@ussenterprise.ufp.org>
In-Reply-To: <20020713105528.A24650@zardoc.esmtp.org>
References:  <20020713034725.GB47677@ussenterprise.ufp.org> <3D2FAFB2.E2E9CF36@mindspring.com> <20020713045704.GA49379@ussenterprise.ufp.org> <3D300FD4.7479A8E5@mindspring.com> <20020713132616.GB58979@ussenterprise.ufp.org> <20020713105528.A24650@zardoc.esmtp.org>

In a message written on Sat, Jul 13, 2002 at 10:55:28AM -0700, Claus Assmann wrote:
>       AuthOptions
> ...
>                 Example:
> 
>                     O AuthOptions=p,y
> 
>                 would disallow ANONYMOUS as  AUTH  mechanism
>                 and  would  allow  PLAIN  only if a security
>                 layer  (e.g.,  provided  by   STARTTLS)   is
>                 already  active.  ....

Thanks.  I found a document on the authoptions earlier, but it
confused me more than it enlightened me.  This, plus Greg's mail
makes a lot more things clear.

Tomorrow I'll write up a better summary with this new info.  At
the end of the day it looks like if we add cyrus-sasl, which is
BSD licensed, then the default behavior will be unchanged, but it
will be possible through a combination of rc.conf options, running
saslpasswd, and/or running ssl key generation tools to do auth on
a non-encrypted session using challenge response (against sasl
passwords), or do auth against the password file (or any PAM method)
over an ssl session.  Thus we could make it as simple as
'sendmail_auth="unix"' (or pam, or whatever) for an admin to allow
end clients to starttls, auth, and securely send e-mail all with
their existing credential.

That is exactly what I want to promote.  Hopefully people will
agree, and we can get to the code details (which actually seem
really simple).

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
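
A check an admin could run over captured EHLO replies to confirm the policy the quoted `AuthOptions=p,y` text describes: ANONYMOUS never offered, and PLAIN offered only once STARTTLS is active. This is an added example, not part of the original message or of sendmail; the function names and the EHLO replies are constructed, and treating LOGIN like PLAIN is an assumption (the quoted text names only PLAIN).

```python
import re

# Mechanisms that carry the password in (base64) cleartext. The quoted text
# names only PLAIN; including LOGIN is an assumption of this example.
CLEARTEXT = {"PLAIN", "LOGIN"}

def auth_mechanisms(ehlo_reply):
    """Return the set of SASL mechanisms advertised in a multi-line 250 reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Lines look like "250-AUTH A B" or "250 AUTH A B"; some servers also
        # emit the legacy "AUTH=A B" form for old clients.
        m = re.match(r"250[- ]AUTH[ =](.*)$", line.strip(), re.IGNORECASE)
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs

def policy_violations(ehlo_before_tls, ehlo_after_tls):
    """Compare the EHLO reply seen before STARTTLS with the one seen after it."""
    before = auth_mechanisms(ehlo_before_tls)
    after = auth_mechanisms(ehlo_after_tls)
    problems = []
    if "ANONYMOUS" in before | after:
        problems.append("ANONYMOUS offered")
    for mech in sorted(before & CLEARTEXT):
        problems.append(mech + " offered without a security layer")
    return problems

# Constructed sample replies (hostname and mechanism lists are made up).
GOOD_BEFORE = ("250-mail.example.org Hello\r\n250-STARTTLS\r\n"
               "250-AUTH DIGEST-MD5 CRAM-MD5\r\n250 HELP")
GOOD_AFTER = ("250-mail.example.org Hello\r\n"
              "250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN\r\n250 HELP")
BAD_BEFORE = ("250-mail.example.org Hello\r\n250-STARTTLS\r\n"
              "250-AUTH PLAIN ANONYMOUS\r\n250-AUTH=PLAIN ANONYMOUS\r\n250 HELP")

if __name__ == "__main__":
    print(policy_violations(GOOD_BEFORE, GOOD_AFTER))
    print(policy_violations(BAD_BEFORE, GOOD_AFTER))
```
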
