HP-UX Mailing Services Administrator's Guide
Configuring and Administering Sendmail
Security
Chapter 278
mainly used for roaming users whose IP address and host name changes
repeatedly. In this case, authorization is via a secret password, which is
client dependent.
The authentication protocol exchange consists of a series of server
challenges (otherwise known as a ready response) and client answers
that are specific to the authentication mechanism.
The AUTH parameter to the MAIL FROM command is set as follows:
MAIL FROM: from-addr AUTH=addr-spec
The addr-spec contains the identity that submitted the message to the
delivery system. If the server trusts the authenticated identity of the
client to assert that the message was originally submitted by the
supplied addr-spec, then the server must supply the same addr-spec in
an AUTH parameter when relaying the message to any server that
supports the AUTH extension.
You can specify the list of authentication mechanisms for AUTH in the
AuthMechanisms option in the sendmail.cf file. By default, it appears
in the sendmail.cf file as follows:
#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
If you set this option to A, the AUTH= parameter for the MAIL FROM
command is issued only when authentication succeeds.
DaemonPortOptions has a suboption called modifiers (M). The
modifiers suboption contains an authentication flag a, which instructs
the daemon to authenticate all its connections.
By default, it appears in the sendmail.cf file as:
#O DefaultAuthInfo=/etc/mail/default-auth-info
The DefaultAuthInfo option sets the file name, which by default
contains the authentication information for outgoing connections. It
must contain the authorization ID (userid), the authentication ID
(authid), the password (plain text), and the realm to use, each on a
separate line. This information must be readable only by root (or by the
trusted user). If you do not specify a realm, $j is used.