Date: Sat, 13 Jul 2002 21:46:00 -0400 From: Leo Bicknell <bicknell@ufp.org> To: freebsd-arch@FreeBSD.ORG Subject: Re: Mail subsystem defaults, adding authentication. Message-ID: <20020714014600.GA70961@ussenterprise.ufp.org> In-Reply-To: <20020713105528.A24650@zardoc.esmtp.org> References: <20020713034725.GB47677@ussenterprise.ufp.org> <3D2FAFB2.E2E9CF36@mindspring.com> <20020713045704.GA49379@ussenterprise.ufp.org> <3D300FD4.7479A8E5@mindspring.com> <20020713132616.GB58979@ussenterprise.ufp.org> <20020713105528.A24650@zardoc.esmtp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In a message written on Sat, Jul 13, 2002 at 10:55:28AM -0700, Claus Assmann wrote: > AuthOptions > ... > Example: > > O AuthOptions=p,y > > would disallow ANONYMOUS as AUTH mechanism > and would allow PLAIN only if a security > layer (e.g., provided by STARTTLS) is > already active. .... Thanks. I found a document on the authoptions earlier, but it confused me more than it enlightened me. This, plus Greg's mail makes a lot more things clear. Tomorrow I'll write up a better summary with this new info. At the end of the day it looks like if we add cyrus-sasl, which is BSD licensed then the default behavior will be unchanged, but it will be possible through a combination of rc.conf options, running saslpasswd, and/or running ssl key generation tools to do auth on a non-encrypted session using challenge response (against sasl passwords), or do auth against the password file (or any PAM method) over an ssl session. Thus we could make it as simple as 'sendmail_auth="unix"' (or pam, or whatever) for an admin to allow end clients to starttls, auth, and securely send e-mail all with their existing credential. That is exactly what I want to promote. Hopefully people will agree, and we can get to the code details (which actually seem really simple). -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020714014600.GA70961>