authorClement Laforet <clement@FreeBSD.org>2004-03-05 19:33:57 +0000
committerClement Laforet <clement@FreeBSD.org>2004-03-05 19:33:57 +0000
commit656632f3ae46c0c392bc9e0fb838bdd185640593 (patch)
treecae3fd5e4bf09c2d4474987e52d914b1d04c162b /security/cyrus-sasl
parent07ae080f6b9b9dec5706bd49d72b12a028930ee8 (diff)
Notes
Diffstat (limited to 'security/cyrus-sasl')
-rw-r--r--security/cyrus-sasl/Makefile18
-rw-r--r--security/cyrus-sasl/files/Sendmail.README116
-rw-r--r--security/cyrus-sasl/files/pwcheck.sh14
-rw-r--r--security/cyrus-sasl/files/saslauthd.sh12
4 files changed, 135 insertions, 25 deletions
diff --git a/security/cyrus-sasl/Makefile b/security/cyrus-sasl/Makefile
index 670659e6452c..4a0b1ec9b368 100644
--- a/security/cyrus-sasl/Makefile
+++ b/security/cyrus-sasl/Makefile
@@ -10,7 +10,7 @@ PORTVERSION= 1.5.28
PORTREVISION= 2
CATEGORIES= security ipv6
-MAINTAINER= ports@FreeBSD.org
+MAINTAINER= FreeBSD-Maintainer@westbend.net
COMMENT= RFC 2222 SASL (Simple Authentication and Security Layer)
DISTFILES= ${DISTNAME}${EXTRACT_SUFX} \
@@ -225,12 +225,12 @@ pre-configure:
pre-install:
@${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
@if [ -f ${PREFIX}/sbin/saslauthd ]; then \
- mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd2; \
+ ${MV} ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd2; \
if [ -f ${PREFIX}/man/man8/saslauthd.8 ]; then \
- mv ${PREFIX}/man/man8/saslauthd.8 \
+ ${MV} ${PREFIX}/man/man8/saslauthd.8 \
${PREFIX}/man/man8/saslauthd2.8; \
elif [ -f ${PREFIX}/man/man8/saslauthd.8.gz ]; then \
- mv ${PREFIX}/man/man8/saslauthd.8.gz \
+ ${MV} ${PREFIX}/man/man8/saslauthd.8.gz \
${PREFIX}/man/man8/saslauthd2.8.gz; \
fi; \
fi
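Review bot: The pre-install recipe renames an already installed `${PREFIX}/sbin/saslauthd` (and its man page) to `saslauthd2`, and only post-install, in the next hunk, moves it back. If the install step between the two targets fails, the existing daemon presumably stays renamed and whatever starts it by its usual path will not find it. The switch to `${MV}` does not change this, but the window deserves a comment above the target, for example `# parks an existing saslauthd as saslauthd2; post-install restores it, a failed install leaves it renamed`. The `${PREFIX}` expansions in the `[ -f ... ]` tests and moves are also unquoted, so a prefix containing whitespace would split the arguments.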
@@ -262,15 +262,15 @@ post-install:
@${INSTALL_DATA} ${WRKSRC}/java/doc/draft-weltman-java-sasl-02.txt ${DOCSDIR}
@${INSTALL_DATA} ${FILESDIR}/Sendmail.README ${DOCSDIR}
.endif
- @mv ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd1
- @mv ${PREFIX}/man/man8/saslauthd.8 ${PREFIX}/man/man8/saslauthd1.8
+ @${MV} ${PREFIX}/sbin/saslauthd ${PREFIX}/sbin/saslauthd1
+ @${MV} ${PREFIX}/man/man8/saslauthd.8 ${PREFIX}/man/man8/saslauthd1.8
@if [ -f ${PREFIX}/sbin/saslauthd2 ]; then \
- mv ${PREFIX}/sbin/saslauthd2 ${PREFIX}/sbin/saslauthd; \
+ ${MV} ${PREFIX}/sbin/saslauthd2 ${PREFIX}/sbin/saslauthd; \
if [ -f ${PREFIX}/man/man8/saslauthd2.8 ]; then \
- mv ${PREFIX}/man/man8/saslauthd2.8 \
+ ${MV} ${PREFIX}/man/man8/saslauthd2.8 \
${PREFIX}/man/man8/saslauthd.8; \
elif [ -f ${PREFIX}/man/man8/saslauthd2.8.gz ]; then \
- mv ${PREFIX}/man/man8/saslauthd2.8.gz \
+ ${MV} ${PREFIX}/man/man8/saslauthd2.8.gz \
${PREFIX}/man/man8/saslauthd.8.gz; \
fi; \
fi
diff --git a/security/cyrus-sasl/files/Sendmail.README b/security/cyrus-sasl/files/Sendmail.README
index dedf27d77550..23d06599e12b 100644
--- a/security/cyrus-sasl/files/Sendmail.README
+++ b/security/cyrus-sasl/files/Sendmail.README
@@ -72,3 +72,119 @@ How to enable SMTP AUTH with FreeBSD default Sendmail
The DONT_BLAME_SENDMAIL option GroupReadableSASL[DB]File is needed when you
are using cyrus-imapd and sendmail on the same server that requires access
to the sasldb database.
+
+----
+
+To test Authentication with the sendmail server:
+
+ You'll need to install the following PERL ports:
+ converters/p5-MIME-Base64
+ security/p5-Digest-MD5
+ security/p5-Digest-HMAC
+
+ Then use one of the following procedures to test:
+
+ A. PLAIN Mech:
+ 1. Create your Base64 encoded username/password.
+
+ #perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'
+ dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
+
+ 2. telnet to port 25 of your sendmail server
+
+ 3. send "EHLO <client.host.name>"
+ a. check for "250-AUTH *" in the response
+ b. check that the PLAIN mech is listed.
+
+ 4. Send "AUTH PLAIN <Base64 username/password>"
+
+ AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
+
+ you should now see the following response from the server:
+
+ 235 Authentication successful
+
+ 5. Type "QUIT" to close the telnet session to sendmail.
+
+ B. LOGIN Mech:
+ 1. Create your Base64 encoded username and password.
+
+ #perl -MMIME::Base64 -e 'print encode_base64("username");'
+ dXNlcm5hbWU=
+ #perl -MMIME::Base64 -e 'print encode_base64("password");'
+ cGFzc3dvcmQ=
+
+ 2. telnet to port 25 of your sendmail server
+
+ 3. send "EHLO <client.host.name>"
+ a. check for "250-AUTH *" in the response
+ b. check that the LOGIN mech is listed.
+
+ 4. Send "AUTH LOGIN", then the base64 encoded username and passwords.
+
+ C: AUTH LOGIN
+ S: 334 VXNlcm5hbWU6 (base64 encoded "Username:")
+ C: dXNlcm5hbWU=
+ S: 334 UGFzc3dvcmQ6 (base64 encode "Password:")
+ C: cGFzc3dvcmQ=
+ S: 235 2.0.0 OK Authenticated
+
+ 5. Type "QUIT" to close the telnet session to sendmail.
+
+ C. DIGEST-MD5 Mech:
+
+ 1. telnet to port 25 of your sendmail server
+
+ 2. send "EHLO <client.host.name>"
+ a. check for "250-AUTH *" in the response
+ b. check that the DIGEST-MD5 mech is listed.
+
+ 3. Send "AUTH DIGEST-MD5"
+
+ C: AUTH DIGEST-MD5
+ S: 334 ?
+
+ 4. Calculate the DIGEST-MD5 response (use another telnet, ssh, or X Window)
+
+ ?
+
+ 5. Send the DIGEST-MD5 response to the server.
+
+ C: ?
+ S: 235 2.0.0 OK Authenticated
+
+ 6. Type "QUIT" to close the telnet session to sendmail.
+
+ D. CRAM-MD5 Mech:
+
+ 1. telnet to port 25 of your sendmail server
+
+ 2. send "EHLO <client.host.name>"
+ a. check for "250-AUTH *" in the response
+ b. check that the CRAM-MD5 mech is listed.
+
+ 3. Send "AUTH CRAM-MD5"
+
+ C: AUTH CRAM-MD5
+ S: 334 PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+
+ (base64 encoded timestamp and hostname)
+
+ 4. Calculate the CRAM-MD5 response (use another telnet, ssh, or X Window)
+
+ perl '-MDigest::HMAC_MD5 qw(hmac_md5 hmac_md5_hex)' -MMIME::Base64 \
+ -e 'print encode_base64("username " . hmac_md5_hex(decode_base64("<ticket>"),"password"));'
+
+ The "<ticket>" is the response received from the server in step 3.
+
+ (i.e. PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+)
+
+ Using the above ticket our CRAM-MD5 response is:
+
+ dXNlcm5hbWUgMDZkMGEzMjVmMDU0NjQ4NjQ2ZTA3MmNkNGZlYjE3YzQ=
+
+ 5. Send the CRAM-MD5 response to the server.
+
+ C: dXNlcm5hbWUgMDZkMGEzMjVmMDU0NjQ4NjQ2ZTA3MmNkNGZlYjE3YzQ=
+ S: 235 2.0.0 OK Authenticated
+
+ 6. Type "QUIT" to close the telnet session to sendmail.
diff --git a/security/cyrus-sasl/files/pwcheck.sh b/security/cyrus-sasl/files/pwcheck.sh
index 8504b02e3016..c6e61b203ede 100644
--- a/security/cyrus-sasl/files/pwcheck.sh
+++ b/security/cyrus-sasl/files/pwcheck.sh
@@ -8,9 +8,6 @@
# BEFORE: mail imap
# KEYWORD: FreeBSD shutdown
#
-# NOTE for FreeBSD 5.0+:
-# If you want this script to start with the base rc scripts
-# move cyrus_pwcheck.sh to /etc/rc.d/cyrus_pwcheck
prefix=%%PREFIX%%
@@ -19,11 +16,12 @@ prefix=%%PREFIX%%
# /etc/rc.conf.local
# /etc/rc.conf.d/cyrus_pwcheck
#
-# DO NOT CHANGE THESE DEFAULT VALUES HERE
-#
-cyrus_pwcheck_enable="%%ENABLE_PWCHECK%%" # Enable pwcheck daemon
-cyrus_pwcheck_program="${prefix}/sbin/%%PWCHECK%%" # pwcheck program to use
- # (pwcheck/pwcheck_pam)
+# DO NOT CHANGE THE DEFAULT VALUES HERE
+
+cyrus_pwcheck_enable=${cyrus_pwcheck_enable:-"%%ENABLE_PWCHECK%%"}
+
+# pwcheck program to use (pwcheck/pwcheck_pam)
+cyrus_pwcheck_program=${cyrus_pwcheck_program:-"${prefix}/sbin/%%PWCHECK%%"}
. %%RC_SUBR%%
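Review bot: The new `${cyrus_pwcheck_program:-...}` default lets a value already set in the invoking environment choose the binary this rc script starts, which the old unconditional assignment did not allow. These lines run before `. %%RC_SUBR%%`, and the rc.conf files named in the comment are presumably read later by code outside this hunk, so the `:-` form is not needed for rc.conf overrides to work. If environment inheritance is not intended, keep the plain assignment `cyrus_pwcheck_program="${prefix}/sbin/%%PWCHECK%%"`; if it is, say so in a comment such as `# may be preset by the caller's environment; rc.conf still overrides`. The same pattern is introduced for `saslauthd1_enable` and `saslauthd1_flags` in files/saslauthd.sh.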
diff --git a/security/cyrus-sasl/files/saslauthd.sh b/security/cyrus-sasl/files/saslauthd.sh
index a07e4a8c7c0d..b2a192137131 100644
--- a/security/cyrus-sasl/files/saslauthd.sh
+++ b/security/cyrus-sasl/files/saslauthd.sh
@@ -8,9 +8,6 @@
# BEFORE: mail imap
# KEYWORD: FreeBSD shutdown
#
-# NOTE for FreeBSD 5.0+:
-# If you want this script to start with the base rc scripts
-# move saslauthd1.sh to /etc/rc.d/saslauthd1
prefix=%%PREFIX%%
@@ -19,11 +16,10 @@ prefix=%%PREFIX%%
# /etc/rc.conf.local
# /etc/rc.conf.d/saslauthd1
#
-# DO NOT CHANGE THESE DEFAULT VALUES HERE
-#
-saslauthd1_enable="%%ENABLE_SASLAUTHD%%" # Enable saslauthd
-#saslauthd1_program="${prefix}/sbin/saslauthd1" # Location of saslauthd1
-saslauthd1_flags="-a pam" # Flags to saslauthd program
+# DO NOT CHANGE THE DEFAULT VALUES HERE
+
+saslauthd1_enable=${saslauthd1_enable:-"%%ENABLE_SASLAUTHD%%"}
+saslauthd1_flags=${saslauthd1_flags:-"-a pam}
. %%RC_SUBR%%
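Review bot: The added `saslauthd1_flags` line opens a double quote before `-a pam` and never closes it, so the shell reads an unterminated string that runs on into the following lines. The script will then fail to parse or mis-assign the flags, and saslauthd1 will not start with the intended `-a pam` mechanism. The line should read `saslauthd1_flags=${saslauthd1_flags:-"-a pam"}`. Running `sh -n` over the installed script after the `%%...%%` substitutions would catch this class of error before commit.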