Kerberos Authenticated SMTP Service Installation Instructions
This document describes how to install Kerberos authenticated SMTP service
on Penn UNIX servers. The sendmail™ package is covered here since it is
the predominant SMTP software in use on UNIX platforms.
Note: This document assumes the reader is already
familiar with installing and configuring sendmail on a UNIX system.
Most UNIX system administrators will need site-specific customizations
to their sendmail configurations. This document therefore gives a very
general description of how to configure sendmail with Kerberos support.
Some sendmail configuration hints are available, but you might want to
enlist the help of a more experienced UNIX system administrator.
Prerequisites
Before installing Kerberos authenticated SMTP service, the following
must be installed:
Obtain and unpack the software
Download the sendmail software from the following location:
http://www.sendmail.org/current-release.html
As of the writing of this document, the latest version is 8.12.6.
Unpack the sendmail software:
gzip -dc sendmail.8.12.6.tar.gz | tar xvf -
cd sendmail-8.12.6
Write a configuration file and build sendmail
Write a configuration file appropriate for the system in question. Exactly
what goes into the configuration file will vary from site to site. Readers
unfamiliar with the procedure are encouraged to consult the "README" file
in the top level of the unpacked distribution.
Place the configuration file in
./devtools/Site/site.config.m4. A generic
configuration file follows (with directives to compile sendmail linked
with the Cyrus SASL libraries). It should be adapted as necessary:
APPENDDEF(`confENVDEF', `-DSASL')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')
APPENDDEF(`confINCDIRS', `-I/usr/local/include')
Build sendmail:
sh Build -c
This creates a platform-specific subdirectory, called obj.platform,
where platform is a text string that describes the hardware platform
and operating system. For example, on Solaris 8, the subdirectory is called
obj.SunOS.5.8.sun4. The sendmail and associated binaries are built
inside this platform-specific directory.
Create a sendmail configuration file called sendmail.cf modified for the
target system. Again, the exact contents of the file vary.
Readers unfamiliar with the procedure should consult the file ./cf/README
for details. The configuration generation file should include the following
M4 macros to activate Kerberos5/GSSAPI as the available authentication
mechanism:
TRUST_AUTH_MECH(`GSSAPI')dnl
define(`confAUTH_MECHANISMS', `GSSAPI')dnl
Note: If it is necessary to include support for non-Kerberized SMTP
authentication, the following variation should be used instead:
TRUST_AUTH_MECH(`GSSAPI PLAIN LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI PLAIN LOGIN')dnl
Assuming the configuration generation file is placed in
./cf/cf/sendmail.mc, issue the following commands to create the actual
configuration file:
cd cf/cf
sh Build sendmail.cf
Copy sendmail.cf into the appropriate system location. By default,
the location is /etc/mail/sendmail.cf, but again your
system may differ. Now execute:
cp sendmail.cf /etc/mail
Change to the top-level directory of the distribution
and install the sendmail binary:
cd obj.platform/sendmail
make install
Start 'sendmail'. Details are omitted because they are platform-specific.
While it is possible to start sendmail manually from the command line,
you'll probably want a startup script to do this.
Verify that sendmail is running and that it advertises GSSAPI as an
available authentication mechanism. The simplest way is to connect to
the SMTP port (25), issue 'EHLO servername', and see if sendmail reports
the following in its response:
250-AUTH GSSAPI
Be sure to confirm that
open relaying is disabled.
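The EHLO check described above can be scripted. The following is an added example, not part of the original instructions or of sendmail: it parses the reply and also flags PLAIN or LOGIN offered on a connection with no STARTTLS, where the password would cross the network base64-encoded only. The host names, sample replies and function names are assumptions made for the illustration.

```python
import socket

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # send a reusable password, base64 only

# Constructed sample replies (not captured from a real server).
SAMPLE_GSSAPI = "250-mail.example.edu Hello client\n250-SIZE\n250-AUTH GSSAPI\n250 HELP"
SAMPLE_MIXED = "250-mail.example.edu Hello client\n250-AUTH=LOGIN PLAIN\n250 HELP"

def read_reply(f):
    """Read one SMTP reply; continuation lines have '-' after the code."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":  # final line (or EOF) ends the reply
            return "\n".join(lines)

def fetch_ehlo(host, port=25, name="client.example"):
    """Connect to a live server and return its raw EHLO reply."""
    with socket.create_connection((host, port), timeout=10) as sock:
        f = sock.makefile("rwb")
        read_reply(f)  # discard the 220 greeting
        f.write(b"EHLO " + name.encode("ascii") + b"\r\n")
        f.flush()
        return read_reply(f)

def parse_ehlo(reply):
    """Return (auth mechanisms, extension keywords) from a raw EHLO reply."""
    mechs, exts = set(), set()
    for line in reply.splitlines()[1:]:  # first line is the server's hello
        if len(line) < 5 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].replace("=", " ").upper().split()  # legacy "AUTH=" form
        if not words:
            continue
        exts.add(words[0])
        if words[0] == "AUTH":
            mechs.update(words[1:])
    return mechs, exts

def audit(reply):
    """List deviations from the GSSAPI configuration described above."""
    mechs, exts = parse_ehlo(reply)
    findings = []
    if "GSSAPI" not in mechs:
        findings.append("GSSAPI not advertised")
    weak = sorted(mechs & CLEARTEXT_MECHS)
    if weak and "STARTTLS" not in exts:
        findings.append("no STARTTLS but offers: " + " ".join(weak))
    return findings
```

Against a running server, call audit(fetch_ehlo("servername")); an empty list means GSSAPI is advertised and no password mechanism is offered without STARTTLS.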