Sat 10 Jan 2004
Apple's Open Directory
Category : Technology/openDir.txt
The ability to support SMTP-AUTH on a mail server is so important because it means you can open up the server for (legitimate) remote users to send mail through it without making it an Open Relay. It's the difference between a toy server and one that is considered industrial-strength. Even Linux users struggle to set this up. It's definitely no cakewalk if you're still using sendmail.
Shin-ichi YOSHIMOTO, who has a Postfix for Mac OS X Users site (in Japanese), has been investigating how SMTP authentication got done on Panther.
This is his finding, summarised here in case others are also curious.
In Postfix on Panther, if "smtpd_use_pw_server=yes" is set, SMTP-AUTH appears to be done through Apple's Open Directory framework.
The Open Directory authentication service supports the following types of authentication:
(Basic) login, plain
(Password Server Authentication) cram-md5, gssapi
These are the values we can use for the "smtpd_pw_server_security_options" setting.
A plain-vanilla OS X Panther machine can only use the basic options - login and plain - because, according to Shin-ichi's findings, PasswordService.8, which is the Password Server daemon, is distributed only as part of Mac OS X Server.
That's why we set "smtpd_pw_server_security_options=plain,login".
So, in conclusion, SMTP-AUTH on Panther skips past the need to set anything up in /usr/lib/sasl2 or in /etc/pam.d.
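What the listed mechanisms put on the wire, as an added example that is not part of the original post or of Shin-ichi's findings: login and plain only base64-encode the password, so a "plain,login" setup relies on TLS around the SMTP session to keep it private, while cram-md5 sends a keyed digest of the server's challenge. The user name, password and challenge are constructed sample values.

```python
import base64
import hashlib
import hmac

def b64(text):
    return base64.b64encode(text.encode()).decode()

def plain_response(user, password):
    """AUTH PLAIN (RFC 4616): base64 of authzid NUL authcid NUL password."""
    return b64(f"\0{user}\0{password}")

def login_responses(user, password):
    """AUTH LOGIN: username and password sent as two separate base64 lines."""
    return [b64(user), b64(password)]

def cram_md5_response(user, password, challenge_b64):
    """AUTH CRAM-MD5 (RFC 2195): base64 of 'user hex(HMAC-MD5(password, challenge))'."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return b64(f"{user} {digest}")

def password_on_wire(mechanism, client_lines):
    """Return the password a reader of the session can decode, or None."""
    decoded = [base64.b64decode(line).decode() for line in client_lines]
    if mechanism == "plain":
        return decoded[0].split("\0")[2]
    if mechanism == "login":
        return decoded[1]
    return None  # cram-md5 sends only a keyed digest of the server's challenge

# Constructed sample credentials and challenge, for illustration only.
USER, PASSWORD = "alice", "correct horse"
CHALLENGE = b64("<12345.1073692800@mail.example.com>")

if __name__ == "__main__":
    for mech, lines in [
        ("plain", [plain_response(USER, PASSWORD)]),
        ("login", login_responses(USER, PASSWORD)),
        ("cram-md5", [cram_md5_response(USER, PASSWORD, CHALLENGE)]),
    ]:
        print(mech, lines, "-> password recoverable:", password_on_wire(mech, lines))
```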
Actually, now that we know the way to do it (again, thanks to the information provided originally by Andy Black), SMTP-AUTH on Postfix on Panther is really very simple. And credit has got to go to Apple's engineers who designed it this way.
It's easy to underestimate how hard it could have been to do this. You only have to do a search on Google with the key words (SASL, SMTP-AUTH, Cyrus, PAM, etc...) to see how many hoops people working on the other *nix'es have to go through to get SMTP-AUTH to work, if at all.
It makes me wonder, all those guys who strut their stuff with their command-line knowledge on VersionTracker. If it's so clear how it's done, how come I never saw any of their stuff in months of looking up Google for the answer?
Category : Commentary/singlife.txt
It's almost a year since I had these pages up. But having gone round the 'Net, and having crossed paths (or swords) with people all over the world, it's home that is still the best place to be in.
"People are the same wherever you go..." as Paul McCartney and Stevie Wonder would sing. "There is good and bad. In everyone. Learn to live. Learn to give each other what we need to survive. Together alive."
As I write this, I'm looking out over the water at a friend's place, having come from our own place whose usual tranquility has been broken by the large number of cars arriving for the funeral of a man who has just died, suddenly in Jakarta, in the prime of his life. They're a hugely popular couple, and it's no wonder they have so many friends.
It puts things in perspective. There's a lot more to life than iLife and Postfix Enabler and the problems of strangers. After all, there's the kid (seen here with his very best friend). And the birds on our tree continue to sing, whether we notice them or not. We do the best we can and move on.