HP-UX Mailing Services Administrator's Guide (B2355-91064)

the option is enabled or uncommented in the generated sendmail.cf configuration
file.
To use Sendmail with STARTTLS, you must install the OpenSSL software on your
system. The OpenSSL software is available at:
http://www.software.hp.com.
Cyrus SASL v2 Support
The Simple Authentication and Security Layer (SASL) is a generic mechanism that
enables protocols to accomplish authentication. Some notable applications that use
SASL include Sendmail and Cyrus imapd (Versions 1.6.0 and later).
Applications use the SASL library, which tells them how to accomplish the SASL
protocol exchange and communicates the results.
SASL is only a framework, and specific SASL mechanisms govern the exact protocol
exchange. If there are n protocols and m different ways of authenticating, SASL attempts
to make the authentication simple so that only n plus m different specifications need
be written, instead of n times m different specifications. With the Cyrus SASL library,
the mechanisms need be written only once, and they work with all servers that use it.
How SASL Works
How SASL works is governed by the mechanism that the client and the server choose
to use and by the exact implementation of that mechanism. This section describes how
such a mechanism works in the Cyrus SASL implementation.
The PLAIN Mechanism and sasl_checkpass() Call
The PLAIN mechanism is not a secure method of authentication. You must use PLAIN
over an encrypted connection created by STARTTLS. The PLAIN mechanism works
by transmitting the following information to the server: a user ID, an authentication
ID, and a password. The server determines whether this information is allowed. The
Cyrus SASL library uses different methods to verify the password and the authentication
ID.
Following is a sample Cyrus SASL configuration file:
srvtab: /var/app/srvtab
pwcheck_method: kerberos_v4
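The PLAIN exchange described above, as an added example that is not code from this guide or from Cyrus SASL: it encodes and decodes the three fields in the RFC 4616 layout to show that base64 hides nothing from anyone who can read the connection, and it gates acceptance on STARTTLS. The function names, the verify callback (a hypothetical stand-in for the library's password check), the no-proxy policy, and the sample credentials are assumptions.

```python
import base64

def encode_plain(user_id: str, auth_id: str, password: str) -> str:
    """Client side: user ID NUL authentication ID NUL password, then base64."""
    raw = b"\x00".join(s.encode("utf-8") for s in (user_id, auth_id, password))
    return base64.b64encode(raw).decode("ascii")

def parse_plain(response_b64: str) -> dict:
    """Server side: recover the three fields. No key is needed, which is why
    PLAIN is only acceptable inside a STARTTLS-protected session."""
    raw = base64.b64decode(response_b64, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected exactly three NUL-separated fields")
    user_id, auth_id, password = (p.decode("utf-8") for p in parts)
    if not auth_id or not password:
        raise ValueError("authentication ID and password must be non-empty")
    # An empty user ID means "act as the authentication ID" (RFC 4616).
    return {"user_id": user_id or auth_id, "auth_id": auth_id,
            "password": password}

def accept_plain(response_b64: str, tls_active: bool, verify) -> tuple:
    """Refuse PLAIN on a cleartext connection before touching the credentials.
    verify(auth_id, password) is a hypothetical password-check callback."""
    if not tls_active:
        return (False, "PLAIN refused: connection is not encrypted")
    try:
        creds = parse_plain(response_b64)
    except ValueError as exc:  # also covers bad base64 and bad UTF-8
        return (False, f"malformed PLAIN response: {exc}")
    if not verify(creds["auth_id"], creds["password"]):
        return (False, "authentication failed")
    # Assumed policy: a user may only act as themselves (no proxy login).
    if creds["user_id"] != creds["auth_id"]:
        return (False, "authorization as another user not permitted")
    return (True, creds["user_id"])

# Constructed sample credentials, not taken from the guide.
SAMPLE = encode_plain("", "alice", "s3cret")

if __name__ == "__main__":
    print(parse_plain(SAMPLE))  # the password is readable by any observer
    print(accept_plain(SAMPLE, tls_active=False, verify=lambda a, p: True))
```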
Application Configuration
Applications can specify how the SASL library must search for configuration information.
For instance, Cyrus imapd reads its SASL options from its own configuration file,
/etc/imapd.conf, by prefixing all SASL options with sasl_. The SASL
pwcheck_method option can be set by changing sasl_pwcheck_method in the
/etc/imapd.conf file.
80 Configuring and Administering Sendmail