SMTP-AUTH based on group membership

Hi,

Some users are allowed to SSH in based on their group membership.
I would like to deny these members plaintext auth and force them to
use TLS.

TLS_Clt doesn't fit the bill as some users are roadwarriors connecting
from unknown hosts.

Is this not possible to do with Sendmail?
And if not, can someone who understands the source, clarify if this is
a non-trivial feature to hack or request the sendmail team for?



Regards,
Avinash
avinash.duduskar [ So, 02 September 2007 09:10 ] [ ID #1810967 ]

Re: SMTP-AUTH based on group membership

I should've sniffed an entire SMTP conversation before.
The username and password are sent together, so the entire purpose of
preventing people with SSH access to transmit cleartext passwords is
not possible.

Most use SSH certificates, well, back to educating the users.


- Avinash
avinash.duduskar [ Fr, 07 September 2007 18:53 ] [ ID #1815358 ]

Re: SMTP-AUTH based on group membership

In article <1189184036.957906.109840 [at] w3g2000hsg.googlegroups.com> Avi
<avinash.duduskar [at] gmail.com> writes:
>I should've sniffed an entire SMTP conversation before.
>The username and password are sent together, so the entire purpose of
>preventing people with SSH access to transmit cleartext passwords is
>not possible.

Right, you can't require TLS based on username - but why not always
require TLS for cleartext auth mechanisms? I.e.
define(`confAUTH_OPTIONS', `p') in the .mc file.

--Per Hedeland
per [at] hedeland.org
per [ Sa, 08 September 2007 00:56 ] [ ID #1815366 ]
Miscellaneous » comp.mail.sendmail » SMTP-AUTH based on group membership

Vorheriges Thema: SASL Auth -- "no secret in database"
Nächstes Thema: configuration to split multiple recipients at a domain to individual messages?

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum