Re: Enabling cyrus-sasl for gssapi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 12/11/17 15:46 -0500, Mark Foley wrote:
I would like to enable saslauthd for GSSAPI for sendmail authentication.  I am
running Samba4 4.4.16 on Slackware64 14.2.  Samaba4 includes Heimdal kerberos.
The Dovecot mail server authenticates domain users using the Thunderbird email
client via GSSAPI, so that indicates to me that it is doable.  My current
saslauthd has:

$ saslauthd -v
saslauthd 2.1.26
authentication mechanisms: getpwent rimap shadow

So, I believe this means I have to build sasl from source to enable GSSAPI.

I downloaded the 2.1.26 tarball from I did:

$ ./configure --enable-gssapi --with-gss_impl=heimdal
$ make
$ saslauthd/saslauthd -v
saslauthd 2.1.26
authentication mechanisms: getpwent rimap shadow

Despite specifying --enable-gssapi the new binary does not show gssapi as a
mechanism. Why?

--enable-gssapi= should specify a directory (./configure --help). The
configure script uses the value like so:

 if test -d ${gssapi}; then
   CPPFLAGS="$CPPFLAGS -I$gssapi/include"
   LDFLAGS="$LDFLAGS -L$gssapi/lib"

Check your config.log to verify. If successful, add '-a kerberos5' to your
saslauthd command line to enable.

Note that this does not enable SASL GSSAPI authentication, but rather
Kerberos authentication underneath SASL PLAIN or LOGIN.

Consult Sendmail documentation for enabling GSSAPI directly:

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux