Following Sebastian's reply I'm more confused than ever.

The way I read the manual (here: http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html), to use sasldb I have to change pwcheck_method=shadow to pwcheck_method=auxprop in /usr/lib/sasl2/Sendmail.conf. Is that correct?

If so, then presumably I have to change MECH=shadow in /etc/sysconfig/saslauthd, but what to? "saslauthd -v" returns:

    authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform

There is no mention of sasldb in the above return. The installed default was MECH=pam, which I changed to get where I am.

I need to get DIGEST-MD5 working while keeping PLAIN, which already works:

Assuming Sebastian's assertion is correct, can I just duplicate authorization and/or authentication data in sasldb2?

If I have to change pwcheck_method (as above), what about the MECH parameter in /etc/sysconfig/saslauthd? Can I just specify MECH=pam?

Thanks for your patience.

> Previous reply:
>
> Sebastian, thanks for the prompt reply.
>
> What do you mean 'original', the password for realuser or smmsp or both?
>
>> Re: Sendmail, saslauthd, AUTH DIGEST-MD5 and /etc/shadow ?
>>
>> You'll have to use sasldb if you want to use DIGEST-MD5. Challenge-response
>> only works when both sides know the original password.
>
> Charles Bradshaw
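
The point in the quoted reply about challenge-response, as an added example that is not part of the original thread: it computes the DIGEST-MD5 response as defined in RFC 2831 (qop=auth, no authzid) and shows that a server can only check it when its store can supply the password, which a one-way hash in /etc/shadow cannot. The realm, password, nonces and the `lookup_*` helper names are constructed for illustration.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_response(user, realm, password, nonce, cnonce, nc, digest_uri):
    """DIGEST-MD5 response per RFC 2831 (qop=auth, no authzid)."""
    secret = md5(f"{user}:{realm}:{password}".encode())  # needs the password itself
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = md5(f"AUTHENTICATE:{digest_uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hex()

# Constructed sample data; every value here is an assumption for illustration.
REALM = "mail.example.org"
SASLDB = {("realuser", REALM): "s3cret-example"}           # sasldb-style: recoverable
SHADOW = {"realuser": "$6$constructedsalt$placeholder"}    # shadow-style: one-way hash

def lookup_sasldb(user, realm):
    return SASLDB.get((user, realm))

def lookup_shadow(user, realm):
    _crypt_hash = SHADOW.get(user)  # all the server holds for this user
    # The hash cannot be reversed, and H(user:realm:password) cannot be
    # derived from it, so there is no input for digest_response().
    return None

def server_verify(lookup, user, realm, nonce, cnonce, nc, digest_uri, response):
    password = lookup(user, realm)
    if password is None:
        return False  # nothing to compute the expected response from
    expected = digest_response(user, realm, password, nonce, cnonce, nc, digest_uri)
    return hmac.compare_digest(expected, response)

def demo():
    nonce, cnonce, nc = "constructed-server-nonce", "constructed-client-nonce", "00000001"
    uri = "smtp/" + REALM
    args = ("realuser", REALM, nonce, cnonce, nc, uri)
    good = digest_response("realuser", REALM, "s3cret-example", nonce, cnonce, nc, uri)
    bad = digest_response("realuser", REALM, "wrong-guess", nonce, cnonce, nc, uri)
    return {
        "sasldb_good": server_verify(lookup_sasldb, *args, good),
        "sasldb_bad": server_verify(lookup_sasldb, *args, bad),
        "shadow_good": server_verify(lookup_shadow, *args, good),
    }

if __name__ == "__main__":
    print(demo())
```

PLAIN does not have this constraint because the client sends the password itself, which the server can hash and compare against the shadow entry.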