When sendmail is compiled with SASL (SASL) defined, authenticated connections can be supported. When negotiating an authenticated connection certain information is required, specifically and in this order:
This information can be stored either in a file where the items are listed one per line in the order shown, or in a program that is run and that prints these items to its standard output, one per line in the order shown. A program is a path specification prefixed with a vertical bar character. A file is a path specification not prefixed. The DefaultAuthInfo option is declared like this: O DefaultAuthInfo= path configuration file (V8.10 and later) -ODefaultAuthInfo= path command line (V8.10 and later) define(`confDEF_AUTH_INFO',` path') mc configuration (V8.10 and later) The file or program specified by path must live in a secure directory (that is, one in which every component is writable only by root or the trusted user specified in the TrustedUser option), and must be readable or executable only by root or the user listed in the TrustedUser option (TrustedUser). This option is not declared in the default configuration file generated by the mc configuration technique. The recommended path for the file form is /etc/mail/default-auth- info . No programs currently exist which can provide the information that is currently provided by the file. Note that this DefaultAuthInfo option was introduced in V8.10 and declared deprecated in V8.12. Its functionality has been replaced by the access database (Section 10.9.3) and the authinfo feature (FEATURE(authinfo)). The DefaultAuthInfo option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges. |