24.10 SMTP Authentication

- update for cyrus-sasl2, including saslauthd
- fix instructions on rebuilding sendmail
- remove mentiond of DEF_AUTH_INFO, it's only used when sendmail is authorizing
  as a client against remote server, thus out of scope of this document

Reviewed by:	keramida
PR:		docs/53575, docs/93363

en_US.ISO8859-1/books/handbook/mail/chapter.sgml

@@ -1645,26 +1645,38 @@ define(`confDELIVERY_MODE',`deferred')dnl</programlisting>
 
     <procedure>
       <step>
-	<para>Install <filename role="package">security/cyrus-sasl</filename>
+	<para>Install <filename role="package">security/cyrus-sasl2</filename>
 	  from the ports. You can find this port in
-	  <filename role="package">security/cyrus-sasl</filename>.
-	  <filename role="package">security/cyrus-sasl</filename> has
-	  a number of compile time options to choose from and, for
-	  the method we will be using here, make sure to select the
-	  <option>pwcheck</option> option.</para>
+	  <filename role="package">security/cyrus-sasl2</filename>.  The
+	  <filename role="package">security/cyrus-sasl2</filename> port
+	  supports a number of compile-time options.  For the SMTP
+	  Authentication method we will be using here, make sure that
+	  the <option>LOGIN</option> option is not disabled.</para>
       </step>
 
 
       <step>
-	<para>After installing <filename role="package">security/cyrus-sasl</filename>,
-	  edit <filename>/usr/local/lib/sasl/Sendmail.conf</filename>
+	<para>After installing <filename role="package">security/cyrus-sasl2</filename>,
+	  edit <filename>/usr/local/lib/sasl2/Sendmail.conf</filename>
 	  (or create it if it does not exist) and add the following
 	  line:</para>
 
-	<programlisting>pwcheck_method: passwd</programlisting>
+	<programlisting>pwcheck_method: saslauthd</programlisting>
+      </step>
 
-	<para>This method will enable <application>sendmail</application>
-	  to authenticate against your FreeBSD <filename>passwd</filename>
+      <step>
+	<para>Next, install <filename role="package">security/cyrus-sasl2-saslauthd</filename>,
+	  edit <filename>/etc/rc.conf</filename> to add the following
+	  line:</para>
+
+	<programlisting>saslauthd_enable="YES"</programlisting>
+
+	<para>and finally start the saslauthd daemon:</para>
+
+	<screen>&prompt.root; <userinput>/usr/local/etc/rc.d/saslauthd start</userinput></screen>
+
+	<para>This daemon serves as a broker for <application>sendmail</application> to
+	  authenticate against your FreeBSD <filename>passwd</filename>
 	  database.  This saves the trouble of creating a new set of usernames
 	  and passwords for each user that needs to use
 	  <acronym>SMTP</acronym> authentication, and keeps the login
@@ -1675,14 +1687,14 @@ define(`confDELIVERY_MODE',`deferred')dnl</programlisting>
 	<para>Now edit <filename>/etc/make.conf</filename> and add the
 	  following lines:</para>
 
-	<programlisting>SENDMAIL_CFLAGS=-I/usr/local/include/sasl1 -DSASL
+	<programlisting>SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
 SENDMAIL_LDFLAGS=-L/usr/local/lib
-SENDMAIL_LDADD=-lsasl</programlisting>
+SENDMAIL_LDADD=-lsasl2</programlisting>
 
 	<para>These lines will give <application>sendmail</application>
 	the proper configuration options for linking
-	to <filename role="package">cyrus-sasl</filename> at compile time.
-	Make sure that <filename role="package">cyrus-sasl</filename>
+	to <filename role="package">cyrus-sasl2</filename> at compile time.
+	Make sure that <filename role="package">cyrus-sasl2</filename>
 	has been installed before recompiling
 	<application>sendmail</application>.</para>
       </step>
@@ -1690,11 +1702,12 @@ SENDMAIL_LDADD=-lsasl</programlisting>
       <step>
 	<para>Recompile <application>sendmail</application> by executing the following commands:</para>
 
-	<screen>&prompt.root; <userinput>cd /usr/src/usr.sbin/sendmail</userinput>
-&prompt.root; <userinput>make cleandir</userinput>
-&prompt.root; <userinput>make obj</userinput>
-&prompt.root; <userinput>make</userinput>
-&prompt.root; <userinput>make install</userinput></screen>
+	<screen>&prompt.root; <userinput>cd /usr/src/lib/libsmutil</userinput>
+&prompt.root; <userinput>make cleandir && make obj && make</userinput>
+&prompt.root; <userinput>cd /usr/src/lib/libsm</userinput>
+&prompt.root; <userinput>make cleandir && make obj && make</userinput>
+&prompt.root; <userinput>cd /usr/src/usr.sbin/sendmail</userinput>
+&prompt.root; <userinput>make cleandir && make obj && make && make install</userinput></screen>
 
 	<para>The compile of <application>sendmail</application> should not have any problems
 	  if <filename>/usr/src</filename> has not been changed extensively
@@ -1710,8 +1723,7 @@ SENDMAIL_LDADD=-lsasl</programlisting>
 
 	<programlisting>dnl set SASL options
 TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
-define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
-define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl</programlisting>
+define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl</programlisting>
 
 	<para>These options configure the different methods available to
 	<application>sendmail</application> for authenticating users.
@@ -1739,14 +1751,6 @@ define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl</programlisting>
       <application>sendmail</application> to 13 and watch
       <filename>/var/log/maillog</filename> for any errors.</para>
 
-    <para>You may wish to add the following line to <filename>/etc/rc.conf</filename>
-      so this service will be available after every system boot:</para>
-
-    <programlisting>cyrus_pwcheck_enable="YES"</programlisting>
-
-    <para>This will ensure the initialization of <acronym>SMTP_AUTH</acronym> upon system
-      boot.</para>
-
     <para>For more information, please see the <application>sendmail</application>
       page regarding
       <ulink url="http://www.sendmail.org/~ca/email/auth.html">