HP-UX Mailing Services Administrator's Guide
Sendmail 8.13.3
New Features in Sendmail 8.13.3
Chapter 3128
The PLAIN Mechanism and sasl_checkpass() Call The PLAIN mechanism
is not a secure method of authentication by itself. It is intended for connections
that are being encrypted by another level. For example, the IMAP command
"STARTTLS" creates an encrypted connection over which PLAIN can be used.
The PLAIN mechanism works by transmitting a user ID, an authentication ID,
and a password to the server, and the server then determines whether that is an
allowable triple.
The principal concern is how the authentication and password are verified. The
Cyrus SASL library is flexible in this regard.
A standard Cyrus SASL configuration file looks like:
srvtab: /var/app/srvtab
pwcheck_method: kerberos_v4
Application Configuration Applications can redefine how the SASL library
looks for configuration information.
For instance, Cyrus imapd reads its SASL options from its own configuration file,
/etc/imapd.conf, by prepending all SASL options with sasl_: The SASL option
pwcheck_method is set by changing sasl_pwcheck_option in the
/etc/imapd.conf file.
Configuring Cyrus SASL v2 in Sendmail To configure Cyrus SASL
v2 in Sendmail, you must change the default values for the following
options in the Sendmail configuration file:
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 ANONYMOUS PLAIN
# list of authentication mechanisms
O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5
CRAM-MD5 ANONYMOUS PLAIN
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
O DefaultAuthInfo=/etc/mail/default-auth-info
The submit.cf File
The submit.cf file is the client configuration file for Sendmail. The
/usr/newconfig/etc/mail/cf/cf/submit.cf.gen file is the default
Sendmail configuration file. You can also use the
/usr/newconfig/etc/mail/cf/cf/gen_cf script to regenerate the