When sendmail is compiled with SASL (SASL) defined, authenticated connections can be
supported. When negotiating an authenticated connection certain
information is required, specifically and in this order:
The user id is the identifier
sendmail uses to check allowable permissions. In
general this should never be root.
The authorization id is the identifier of the
user allowed to set up the connection. In general this should never
The password is the clear text password used to
authorize the mail connection. This should be a password dedicated to
this use, not the plain text copy of the
The realm is the administrative zone for
authentication. In general this should be your DNS domain. If no
realm is specified (this item is blank),
sendmail will substitute the value of the
$j macro ($j).
The mechanism is the preferred mechanism for
connection authentication. This should match one of the mechanisms
listed in the AuthMechanisms option (AuthMechanisms).
This information can be stored either in a file where the items are
listed one per line in the order shown, or in a program that is run
and that prints these items to its standard output, one per line in
the order shown. A program is a path specification prefixed with a
vertical bar character. A file is a path specification not prefixed.
The DefaultAuthInfo option is declared like this:
O DefaultAuthInfo=path configuration file (V8.10 and later)
-ODefaultAuthInfo=path command line (V8.10 and later)
define(`confDEF_AUTH_INFO',`path') mc configuration (V8.10 and later)
The file or program specified by path must live
in a secure directory (that is, one in which every component is
writable only by root or the trusted user
specified in the TrustedUser option), and must be
readable or executable only by root or the user
listed in the TrustedUser option (TrustedUser). This option is not declared in the default
configuration file generated by the mc
configuration technique. The recommended path for the file form is
/etc/mail/default-auth-info. No programs
currently exist which can provide the information that is currently
provided by the file.
Note that this DefaultAuthInfo option was
introduced in V8.10 and declared deprecated in V8.12. Its
functionality has been replaced by the access
database (Section 10.9.3) and the
authinfo feature (FEATURE(authinfo)).
The DefaultAuthInfo option is not safe. If
specified from the command line, it can cause
sendmail to relinquish its special privileges.