On Date: Fri, 15 Dec 2017 11:36:33 -0600 Dan White <dwhite@xxxxxxx> wrote: > On 12/15/17 12:21 -0500, Mark Foley wrote: > > > >> I would personally not use saslauthd in the above manner [authenticating with > >> sendmail]. If you have a controlled environment where your clients > >> (Thunderbird) are known to support GSSAPI negotiation over the network, then > >> configuring Sendmail to support GSSAPI directly is secure and recommended. > > > >The "configuring Sendmail to support GSSAPI directly" is the bit that got my > >attention. To clarify, in order to do Sendmail and GSSAPI directly I *do* need > >SASL, but *do not* need saslauthd, right? > > Yes, that's correct. You'd configure Sendmail to use the GSSAPI > authentication plugin, but not PLAIN or LOGIN, which would make saslauthd > irrelevant. But, I do need SASL for Sendmail, right? Just not saslauthd? Also, you mentioned in a previous email that to build sasl, in my ./configure, I need: ./configure --enable-gssapi=<DIR> > The directory should point to to where your kerberos library and headers > are installed. First of all, how did you know that's what "<DIR>" means? I couldn't find anything about that on the website, in the installation instructions or in the doc/ files, or by searching the web. Other than that, I have libraries from the Samba4 installation in: /usr/lib64/libkrb5samba-samba4.so /usr/lib64/libheimntlm-samba4.so.1.0.1 /usr/lib64/python2.7/site-packages/samba/dcerpc/krb5pac.so /usr/lib64/libndr-krb5pac.so.0.0.1 /usr/lib64/winbind_krb5_locator.so /usr/lib64/gensec/krb5.so /usr/lib64/libauthkrb5-samba4.so /usr/lib64/libkrb5-samba4.so.26.0.0 /usr/lib64/libheimbase-samba4.so.1.0.0 And Kerberos related Samaba4 header files in: /usr/include/openssl/krb5_asn.h /usr/include/c++/5.3.0/javax/security/auth/kerberos/KerberosPrincipal.h /usr/include/c++/5.3.0/javax/security/auth/kerberos/KerberosTicket.h /usr/include/c++/5.3.0/javax/security/auth/kerberos/KerberosKey.h /usr/include/samba-4.0/gen_ndr/ndr_krb5pac.h /usr/include/samba-4.0/gen_ndr/krb5pac.h /usr/local/include/gssapi/gssapi_krb5.h /usr/local/include/krb5/krb5.h /usr/local/include/krb5.h I've also just installed Heimdal Kerberos. Libraries are in: /usr/heimdal/lib/libheimbase.so.1.0.0 /usr/heimdal/lib/libheimedit.so.0.0.36 /usr/heimdal/lib/libkrb5.so.26.0.0 /usr/heimdal/lib/libheimsqlite.so.0.0.0 /usr/heimdal/lib/libheimntlm.so.0.1.0 and these newly installed header files are in: /usr/heimdal/include/heimbase.h /usr/heimdal/include/krb5-types.h /usr/heimdal/include/krb5-protos.h /usr/heimdal/include/krb5_asn1.h /usr/heimdal/include/krb5_ccapi.h /usr/heimdal/include/heim_err.h /usr/heimdal/include/heimntlm-protos.h /usr/heimdal/include/heimntlm.h /usr/heimdal/include/gssapi/gkrb5_err.h /usr/heimdal/include/gssapi/gssapi_krb5.h /usr/heimdal/include/heim-ipc.h /usr/heimdal/include/krb5_err.h /usr/heimdal/include/heim_asn1.h /usr/heimdal/include/krb5.h I'd like to try using the Heimdal that came with Samba4. I can point the library DIR to /usr/lib64, but what about the headers? Do the Samba4/Heimdal headers look like what I need for the build? If that's not going to work, I'll try building against the new Heimdal install. In this case, what would my =<DIR> be? /usr/heimdal ? THX --Mark
