Re: Enabling cyrus-sasl for gssapi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 12/15/17 12:21 -0500, Mark Foley wrote:
Yes, that's the exact page I've been consulting.

This site:
further advises downloading and applying *REQUIRED* patches:


I haven't reviewed the patches, but it's probably a good idea to used them,
unless you're using a 2.1.27 prerelease, or you could download the
source+patches for your base system (e.g. Debian or Redhat).

Finally, if you've read this far! You wrote in a previous message:

I would personally not use saslauthd in the above manner [authenticating with
sendmail].  If you have a controlled environment where your clients
(Thunderbird) are known to support GSSAPI negotiation over the network, then
configuring Sendmail to support GSSAPI directly is secure and recommended.

The "configuring Sendmail to support GSSAPI directly" is the bit that got my
attention.  To clarify, in order to do Sendmail and GSSAPI directly I *do* need
SASL, but *do not* need saslauthd, right?

Yes, that's correct. You'd configure Sendmail to use the GSSAPI
authentication plugin, but not PLAIN or LOGIN, which would make saslauthd

[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux