On 12/11/17 15:46 -0500, Mark Foley wrote:
I would like to enable saslauthd for GSSAPI for sendmail authentication. I am running Samba4 4.4.16 on Slackware64 14.2. Samaba4 includes Heimdal kerberos. The Dovecot mail server authenticates domain users using the Thunderbird email client via GSSAPI, so that indicates to me that it is doable. My current saslauthd has: $ saslauthd -v saslauthd 2.1.26 authentication mechanisms: getpwent rimap shadow So, I believe this means I have to build sasl from source to enable GSSAPI. I downloaded the 2.1.26 tarball from ftp://ftp.cyrusimap.org/cyrus-sasl/. I did: $ ./configure --enable-gssapi --with-gss_impl=heimdal $ make $ saslauthd/saslauthd -v saslauthd 2.1.26 authentication mechanisms: getpwent rimap shadow Despite specifying --enable-gssapi the new binary does not show gssapi as a mechanism. Why?
--enable-gssapi= should specify a directory (./configure --help). The configure script uses the value like so: if test -d ${gssapi}; then CPPFLAGS="$CPPFLAGS -I$gssapi/include" cmu_saved_CPPFLAGS=$CPPFLAGS LDFLAGS="$LDFLAGS -L$gssapi/lib" Check your config.log to verify. If successful, add '-a kerberos5' to your saslauthd command line to enable. Note that this does not enable SASL GSSAPI authentication, but rather Kerberos authentication underneath SASL PLAIN or LOGIN. Consult Sendmail documentation for enabling GSSAPI directly: http://www.sendmail.org/~ca/email/auth.html