I'm struggling to create the satisfactory set of records in sasldb2.db. If I use the regular
saslpasswd2 -c user
I get exactly one record, according to sasldblistusers2:
[email protected]: userPassword
whereas this page leads me to believe, there ought to be a line for each mechanism (DIGEST-MD5, CRAM-MD5, and so on).
If I add -n to avoid storing the plain-text (I only really need the CRAM-MD5):
saslpasswd2 -n -c user
then sasldblistusers2 finds no records to list at all. My saslpasswd.conf consists of two lines:
mech_list: cram-md5 digest-md5 ntlm plain
log_level: 9
I tried this on FreeBSD using cyrus-sasl-2.1.26_12 and Ubuntu with 2.1.25... What am I doing wrong?
I need CRAM-MD5 because, without further reconfiguring, my sendmail only lists that and DIGEST-MD5 as the acceptable AUTH-mechanisms. And the iPhones, apparently, do not support DIGEST-MD5. And I'm only doing all of this for the sake of a couple of iPhones -- the normal computers already authenticate themselves with the client SSL-certificates issued by my own authority.
Ok, apparently, the CRAM-MD5 authentication has been succeeding all along -- despite not being listed by sasldblistusers2. I created a new question -- why does sendmail refuse relaying despite authentication's success.
I've managed to get it working with the following:
/etc/mail/sendmail.mc has the following set:
/etc/sasl2/Sendmail.conf contains the following:
Add a user to /etc/sasldb2 with:
Then test with:
You can probably pare the settings down the absolute minimum but the above worked for me. This was on a RHEL 7 host.