* Jay G. Scott <g...@arlut.utexas.edu>:
> okay, maybe i'm catching on.
>
> i set up the /etc/sasldb2 method of authentication.
> that's doing .... so far .... what i want.
>
> 1. okay, i guess /etc/postfix/sasl_passwd is only for client
> security? but why does the client need security? my /etc/postfix/sasl_passwd

Clients need to identify themselves too if a remote server requires that.

> file (and assoc .db) were nonsensical, yet i got authenticated,
> encrypted email delivered to that machine, and read it w/ mutt.
> what does /etc/postfix/sasl_passwd really do?

/etc/postfix/sasl_passwd provides a mapping from servers the Postfix smtp
client connects to, to the username:passwords it should use when it
authenticates with the remote SMTP server.

> am i not really using it? should i remove those references in main.cf?

If your Postfix smtp client does not need to authenticate, yes.

> i guess /etc/sasldb2 is doing what i wanted. namely, i wanted
> to make a list of all the users (and passwords) that i liked,
> and let the mail server play nice with them, and not let
> anyone else play.

yep.

> 2. did i just open holes in my security? is this a pretty reasonable
> way to do what i want?

Hard to tell without knowing the current config settings. Send an updated
version of "postconf -n".

> 3. do i have extraneous stuff in my main.cf file now?
> what do i need to delete?

postconf -n ...

> 4. i said "method of authentication" but that's sloppy, right,
> i'm using auxprop(?) as the password-verification service?

Nope. auxprop and password-verification service are two pairs of shoes (as
we say in Germany...).

> or saslauthd with an auxprop plugin? i know i'm using saslauthd,
> i just want to know what the right term is, should i ever
> need to tell someone what i'm doing.

libsasl uses either an internal method or an external password
authentication service. If it uses the internal method, the (auxprop) plugin
reads passwords from an authentication backend and compares that plaintext
string to the password submitted from the mail client. With an external
password authentication service it just asks the service: "Is this password
for this username valid?" and the password authentication service responds
either "yes" or "no".

HTH,

p...@rick

--
All technical questions asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitly
required and justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
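
Added example, not part of the original message and not Cyrus SASL or Postfix code: a small Python model of the two libsasl verification paths described in the reply above. It goes slightly beyond the message by showing why the difference matters for a shared-secret mechanism such as CRAM-MD5; the account store, function names and method labels are hypothetical and the sample values are constructed.

```python
import hashlib
import hmac

# Constructed sample store: plaintext secrets, as an auxprop backend such as sasldb2 keeps them.
SECRETS = {"jay": "s3cret-example"}


def auxprop_lookup(user):
    """Internal method: the auxprop plugin hands the stored plaintext secret to libsasl."""
    return SECRETS.get(user)


def verify_service(user, password):
    """External method: the service only answers yes or no; the secret never leaves it."""
    stored = SECRETS.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def check_plain(user, password, method):
    """PLAIN/LOGIN: the client submits the password itself, so either path can check it."""
    if method == "auxprop":
        stored = auxprop_lookup(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())
    return verify_service(user, password)


def cram_md5_response(password, challenge):
    """Client side of CRAM-MD5: HMAC-MD5 of the server challenge, keyed with the password."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()


def check_cram_md5(user, challenge, response, method):
    """Shared-secret mechanism: the server recomputes the HMAC, which needs the plaintext."""
    if method != "auxprop":
        # The client never sends a password here, so there is nothing to ask a yes/no service.
        raise ValueError("CRAM-MD5 needs the stored secret; a yes/no service cannot verify it")
    stored = auxprop_lookup(user)
    if stored is None:
        return False
    return hmac.compare_digest(cram_md5_response(stored, challenge), response)
```

In practice this is why a setup that verifies passwords through saslauthd should offer only PLAIN and LOGIN, and why those should be offered only over TLS.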