0

Is it possible for sendmail to authenticate users from LDAP with passwords stored as SHA512 hashes? If yes, how?

Edit: The OS is Arch Linux and I want to use only LDAP to authenticate users.

Aas
  • 1) Could you name your OS/distribution? Some solutions are `PAM` based => they may be OS/distribution dependent. 2) Do you want to use **ONLY** LDAP for storing passwords and checking local recipient existence? – AnFi Oct 26 '17 at 13:38

1 Answer

1

Typically you configure sendmail to pass the authentication requests to the saslauthd daemon and you configure saslauthd to use LDAP as a backend.

Then it depends a bit on how your LDAP database is configured: is the SHA512 password the actual password or a completely different attribute?

Because, if I recall correctly, by default saslauthd will use a bind to validate the credentials, and then it is the LDAP directory that will perform the password hashing and validate the credentials. Therefore, if the SHA512 hash is the actual password, then neither sendmail nor saslauthd needs to be aware of how your passwords are stored; they simply pass the supplied username and password combination to the LDAP directory and see a success or failure.

HBruijn
  • SHA512 password the actual password – Aas Nov 14 '17 at 09:55
  • Sendmail uses Cyrus SASL which doesn't support SHA512. That is probably the root of my problem. But I can't figure out whether there is an alternative to Cyrus SASL for Sendmail. – Aas Nov 20 '17 at 10:04
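
What the bind described in the answer amounts to on the directory side, as an added example (not code from the original post, sendmail, saslauthd or any LDAP server): the front end hands over the cleartext password and only learns success or failure. It assumes OpenLDAP-style `{SSHA512}`/`{SHA512}` `userPassword` encodings, which the page does not specify; the DN, password and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes


def make_ssha512(password, salt=None):
    """Encode a userPassword value: {SSHA512}base64(SHA512(pw + salt) + salt)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.sha512(password.encode() + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode()


def directory_check(stored, supplied):
    """Directory side of a bind: re-hash the cleartext with the stored salt."""
    scheme, _, blob = stored.partition("}")
    scheme = scheme.lstrip("{").upper()
    if scheme not in ("SHA512", "SSHA512"):
        return False  # other schemes are out of scope for this sketch
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return False  # a malformed stored value never authenticates
    if len(raw) < DIGEST_LEN or (scheme == "SHA512" and len(raw) != DIGEST_LEN):
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha512(supplied.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


# Constructed sample entry: the DN and password are made up.
ALICE = "uid=alice,ou=people,dc=example,dc=org"
DIRECTORY = {ALICE: make_ssha512("correct horse")}


def simple_bind(dn, password):
    """Stand-in for the bind saslauthd issues; the caller only sees True/False."""
    if not password:
        # An empty password is an "unauthenticated bind" (RFC 4513) that some
        # servers accept, so the front end must treat it as a failure.
        return False
    stored = DIRECTORY.get(dn)
    return stored is not None and directory_check(stored, password)


if __name__ == "__main__":
    print(simple_bind(ALICE, "correct horse"), simple_bind(ALICE, "guess"))
```

Because the directory needs the cleartext password to redo the hash, this flow only works with plaintext SMTP AUTH mechanisms (PLAIN, LOGIN), so the SMTP session carrying them should be protected with TLS.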