Friday, March 09, 2012

Combine Solaris Automated Install and Repository on one image. Success

Following on from my last entry about Solaris 11 Automated Install with no network (Standalone), I thought I would post this update to say that I have managed to get it working. Well, I have managed to create a new 6.7GB ISO which can boot a VirtualBox client and installs Solaris 11 with NO network. I am not sure why it was failing last time, but since then I have reinstalled Solaris 11 and added another disk to my desktop.

Copy Oracle Solaris 11 11/11 Automated Installer from ISO to disk:

# mount -F hsfs sol-11-1111-ai-x86.iso /mnt
# cd /mnt
# mkdir /var/tmp/AIboot
# find . -depth -print | cpio -pdm /var/tmp/AIboot
# cd /
# umount /mnt


Copy Oracle Solaris 11 11/11 Repository Image from ISO to disk:
# mount -F hsfs sol-11-1111-repo-full.iso /mnt
# cd /mnt
# rsync -aP /mnt/repo/ /var/tmp/AIboot/repoSolaris11
# cd /
# umount /mnt


Check it and edit the default manifest so that it uses the local repository:
# du -hs /var/tmp/AIboot
7.0G /var/tmp/AIboot

# ls /var/tmp/AIboot
auto_install      devices           mnt               repoSolaris11     solaris.zlib
bin               export            platform          root              solarismisc.zlib
boot              home              proc              save              system
dev               jack              reconfigure       sbin              tmp

Edit /var/tmp/AIboot/auto_install/default.xml

             <publisher name="solaris">
                     <origin name="http://pkg.oracle.com/solaris/release"/>
             </publisher>

Change to:

             <publisher name="solaris">
                     <origin name="file:///.cdrom/repoSolaris11"/>
             </publisher>


Create a new ISO:
# mkisofs -o /var/tmp/output.iso -b boot/grub/stage2_eltorito \
-c .catalog -no-emul-boot -boot-load-size 4 \
-boot-info-table -N -R -U -allow-multidot -no-iso-translate \
-cache-inodes -iso-level 4 -d -D -V Solaris11 /var/tmp/AIboot

Warning: Creating ISO-9660:1999 (version 2) filesystem.
Warning: ISO-9660 filenames longer than 31 may cause buffer overflows in the OS.
Size of boot image is 4 sectors -> No emulation
Size of boot image is 4 sectors -> No emulation
0.99% done, estimate finish Fri Mar 9 13:23:05 2012
1.13% done, estimate finish Fri Mar 9 13:22:53 2012
...
99.83% done, estimate finish Fri Mar 9 13:37:07 2012
99.97% done, estimate finish Fri Mar 9 13:37:06 2012
Total translation table size: 2048
Total rockridge attributes bytes: 36023282
Total directory bytes: 68673536
Path table size(bytes): 136082
Max brk space used 10144000
3530910 extents written (6896 MB)


The above ISO was then used to install Solaris 11 on VirtualBox.

Wednesday, March 07, 2012

Solaris 11 Automated Install with no network (Standalone)

After my last blog entry about Solaris 11 Automated Install without a network boot I was thinking that we have all the building blocks to do a true standalone install of Solaris 11 without any network connection at all.

Oracle gives us the ISOs for "Oracle Solaris 11 11/11 Automated Installer" and the full "Oracle Solaris 11 11/11 Repository Image" from the Solaris download page, so why do we need a network!

The problem is that the repository is 7GB so testing it is a little difficult and trying to put the above two ISO's onto one 8GB USB is even harder. At this stage I have been unable to put the 7GB repository ISO onto a USB stick. Also, unable to combine the 2 ISO into 1 ISO which works (I end up with repository errors on install)!

But, in theory it will work and to demonstrate the idea I will use VirtualBox and a network for the manifest file (ONLY for manifest file!).  You can use my previous blog to replace the AI boot image with a modified one.

  1. Download the above iso for x86:
    • sol-11-1111-ai-x86.iso
    • sol-11-1111-repo-full.iso

  2. Create a new VirtualBox Solaris client
    • it needs to be on the network (download manifest file)
    • Storage: add both ISO files as CDs


  3. Create a manifest file for the installation and place it on a web server:
    • There is only one change required from the default manifest (download version default.xml):

                   <publisher name="solaris">
                           <origin name="http://pkg.oracle.com/solaris/release"/>
                   </publisher>

      Change to:

                   <publisher name="solaris">
                           <origin name="file:///media/SOL11REPO_FULL/repo"/>
                   </publisher>

  4. Now boot your client:
    • Pick default option Oracle Solaris 11 11/11 Automated Install custom:


    • Enter the URL for the modified manifest file:


At this point it should go off and install the software.
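A check worth running on the edited manifest before it is used, for both the single-image build (9 March post) and the two-CD variant above. This is an added example, not from the original posts: it rewrites the origin and fails if any network origin or mirror remains. The function names and the sample manifest fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts. Function names are hypothetical.

# Constructed sample: the relevant fragment of an AI default.xml.
write_sample_manifest() {
    cat >"$1" <<'EOF'
<auto_install>
  <ai_instance name="default">
    <software type="IPS">
      <source>
        <publisher name="solaris">
          <origin name="http://pkg.oracle.com/solaris/release"/>
        </publisher>
      </source>
    </software>
  </ai_instance>
</auto_install>
EOF
}

# Rewrite every <origin name="..."/> in manifest $1 to the file:/// URI in $2.
set_local_origin() {
    manifest=$1
    repo_uri=$2
    case $repo_uri in
        *'|'*|*'&'*|*'"'*|*'\'*)
            echo "unsafe character in URI: $repo_uri" >&2; return 2 ;;
        file:///*) ;;
        *)  echo "not a file:/// URI: $repo_uri" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # '|' is the sed delimiter because the URI itself contains '/'.
    if sed "s|<origin name=\"[^\"]*\"|<origin name=\"$repo_uri\"|g" "$manifest" >"$tmp"
    then
        cat "$tmp" >"$manifest"    # keeps the original file's owner and mode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Succeed only if the manifest has at least one origin and every origin or
# mirror is a file:/// URI. Offending lines are printed with line numbers.
check_offline() {
    grep -q '<origin name="' "$1" || { echo "no <origin> in $1" >&2; return 1; }
    if grep -nE '<(origin|mirror) name="' "$1" | grep -v 'name="file:///'; then
        return 1
    fi
    return 0
}

# Demo on the constructed sample.
demo_manifest=$(mktemp)
write_sample_manifest "$demo_manifest"
check_offline "$demo_manifest" >/dev/null || echo "before: network origin present"
set_local_origin "$demo_manifest" "file:///.cdrom/repoSolaris11"
check_offline "$demo_manifest" && echo "after: all origins local"
rm -f "$demo_manifest"
```

Running `check_offline` on the real `default.xml` right before `mkisofs` catches a manifest that would silently reach out to pkg.oracle.com when a network happens to be present.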

The perfect solution, which I am happy for someone to try, is to place both the AI boot image and the repository onto one ISO and then use no network, but I have failed so far!

Thursday, February 23, 2012

Solaris 11 Automated Install without a network boot

After my last blog about Solaris 11 Automated Installer quick setup guide in a zone I did some more reading and realised that you are not required to boot the client with DHCP; you can boot it from a local device (CD or USB).

If you check out the Solaris download page you will see that the Automated Installer can be downloaded as an ISO or USB version. If you download this and put it onto a CD or USB you can boot your client with it. When you boot it you see:

Oracle Solaris 11 11/11 Automated Install custom
Oracle Solaris 11 11/11 Automated Install
Oracle Solaris 11 11/11 Automated Install custom ttya
Oracle Solaris 11 11/11 Automated Install custom ttyb
Oracle Solaris 11 11/11 Automated Install ttya
Oracle Solaris 11 11/11 Automated Install ttyb
  • Picking Oracle Solaris 11 11/11 Automated Install custom means you will be prompted for a URL where your manifest is located on the network
  • Picking Oracle Solaris 11 11/11 Automated Install will install Solaris using a default manifest

Modifying the default settings:
If you have placed the AI image onto a USB then you can edit it and change the default manifest.

  • Mount the USB image (USB)
# ls -a "/media/DataTraveler 2.0"
.                        .volsetid                  jack                      sbin
..                       auto_install             lost+found               solaris.zlib
.catalog                 bin                      mnt                      solarismisc.zlib
.cdrom                   boot                     platform                 system
.image_info              dev                      proc                     tmp
.liveusb                 devices                  reconfigure
.SELF-ASSEMBLY-REQUIRED  export                   root
.transfer-manifest.xml   home                     save
Edit the default.xml file:
# vi "/media/DataTraveler 2.0/auto_install/manifest/default.xml"

You would think you could edit the default profile as well, but you can't since it uses the default one located at /usr/share/auto_install/sc_profiles/enable_sci.xml which is not accessible, since /usr is a lofi mount. I think this should be classed as a bug, since you would expect it to use /auto_install/sc_profiles.

I have just filed a BUG report with Oracle for this
This is the way it should be done, if this BUG did not exist!!!

Edit default system configuration file:
# cd "/media/DataTraveler 2.0/auto_install/sc_profiles/"
# vi enable_sci.xml

Or use the sample one:
# cd "/media/DataTraveler 2.0/auto_install/sc_profiles/"
# cp sc_sample.xml enable_sci.xml

This is the way you have to do it now. Long way!!! We have to replace the solaris.zlib on the image
As before we mount the USB image
# cd "/media/DataTraveler 2.0"

Mount the image
# lofiadm -a solaris.zlib
# mount -F hsfs /dev/lofi/1 /mnt

Now copy the whole image
# mkdir /export/newsolaris
# cd /mnt
# find . -depth -print | cpio -pdm /export/newsolaris
# cd /export/newsolaris

Now we finally get to making our changes
# cd ./share/auto_install/sc_profiles/
# ls -l
total 27
-r--r--r--   1 root     sys         3104 Feb 23 17:39 enable_sci.xml
-r--r--r--   1 root     sys         3104 Oct 21 00:04 sc_sample.xml
-r--r--r--   1 root     sys         4656 Oct 21 00:04 static_network.xml
# cp -ip sc_sample.xml enable_sci.xml
#

Now re-create the solaris.zlib image
# mkisofs -o /tmp/solaris.zlib -quiet -N -l -R -U -allow-multidot -no-iso-translate -cache-inodes -d -D -V "compress" /export/newsolaris
Warning: creating filesystem that does not conform to ISO-9660.

It needs to be compressed
# lofiadm -C lzma /tmp/solaris.zlib

Copy it back to the USB image
# cp /tmp/solaris.zlib "/media/DataTraveler 2.0"


If you want to create an ISO so that you can test it on VirtualBox, try:
# /usr/bin/mkisofs -d -D -J -l -r -U -relaxed-filenames -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 4 -boot-info-table -c .catalog -V "my_volume_name" -o /var/tmp/output.iso "/media/DataTraveler 2.0"
Warning: creating filesystem that does not conform to ISO-9660.
Setting input-charset to 'UTF-8' from locale.
Size of boot image is 4 sectors -> No emulation
Size of boot image is 4 sectors -> No emulation
3.59% done, estimate finish Mon Feb 27 13:03:22 2012
7.17% done, estimate finish Mon Feb 27 13:03:22 2012
.....
96.77% done, estimate finish Mon Feb 27 13:03:33 2012
Total translation table size: 2048
Total rockridge attributes bytes: 45685
Total directory bytes: 290816
Path table size(bytes): 1864
Max brk space used 7e000
139507 extents written (272 MB)

Save it and try it out!
You still require a network since the install still uses a network IPS repository

I have tested it with VirtualBox booting off an ISO file I created from the USB image.

Tuesday, February 21, 2012

Solaris 11 Automated Installer quick setup guide in a zone

Setting up an Automated Install server with Solaris 11 is now very easy. See my recent Solaris SIG talk about it but here is a quick guide.

  • Setup zone:
# zonecfg -z aiserver 'create; set zonepath=/zones/aiserver'
  • Create system profile to speed install process up:
    • This allows you to setup hostname, server IP address, initial user, etc
# sysconfig create-profile -o /var/tmp/sysconfig.xml
  • Install the zone with the default manifest and the system configuration created above:
# zoneadm -z aiserver install -c /var/tmp/sysconfig.xml
A ZFS file system has been created for this zone.
Progress being logged to /var/log/zones/zoneadm.20120221T133021Z.aiserver.install
       Image: Preparing at /zones/aiserver/root.

Install Log: /system/volatile/install.17908/install_log
AI Manifest: /tmp/manifest.xml.yhaq9I
SC Profile: /var/tmp/sysconfig.xml
    Zonename: aiserver
Installation: Starting ...

              Creating IPS image
              Installing packages from:
                  solaris
                      origin:  http://pkg.oracle.com/solaris/support/
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                              167/167 32064/32064  175.8/175.8

PHASE                                        ACTIONS
Install Phase                            44313/44313

PHASE                                          ITEMS
Package State Update Phase                   167/167
Image State Update Phase                         2/2
Installation: Succeeded

        Note: Man pages can be obtained by installing pkg:/system/manual done.
        Done: Installation completed in 127.429 seconds
  Next Steps: Boot the zone, then log into the zone console (zlogin -C) to complete the configuration process.

Log saved in non-global zone as /zones/aiserver/root/var/log/zones/zoneadm.20120221T133021Z.aiserver.install

# zoneadm -z aiserver boot
# zlogin -C -e\@ aiserver
  • Install auto-installer software in the zone
# svcadm enable /network/dns/multicast
# pkg list install/installadm
pkg list: no packages matching 'install/installadm' installed
# pkg install install/installadm
# pkg list install/installadm
NAME (PUBLISHER)                           VERSION                    IFO
install/installadm                         0.5.11-0.175.0.0.0.2.1482  i--
  • Create the boot service.
    • No need to specify an ISO since the software will download an image.

# installadm create-service -n solarisx86
Creating service from: pkg:/install-image/solaris-auto-install
OK to use default image path: /export/auto_install/solarisx86? [y/N]: y
Download: install-image/solaris-auto-install ...  Done
Install Phase ...  Done
Package State Update Phase ...  Done
Image State Update Phase ...  Done
Reading Existing Index ...  Done
Indexing Packages ...  Done

Creating service: solarisx86

Image path: /export/auto_install/solarisx86

Refreshing install services

Creating default-i386 alias.

No local DHCP configuration found. This service is the default
alias for all PXE clients. If not already in place, the following should
be added to the DHCP configuration:
        Boot server IP       : 193.xx.xx.xx
        Boot file            : default-i386/boot/grub/pxegrub

Refreshing install services

# ls -l /etc/netboot
total 6
drwxr-xr-x 19 root root 28 Feb 21 15:42 default-i386
drwxr-xr-x 19 root root 28 Feb 21 15:42 solarisx86
  • You are ready to boot PXE client towards this server

    Wednesday, February 01, 2012

    Solaris 11: Setting up Sendmail / SASL to handle SMTP AUTH

    I thought I would finally get SMTP AUTH working on my Solaris 11 servers, so that I could then setup my phone to send e-mail correctly. If you have seen my previous post you will see that Solaris 11 can't do it with the standard software.

    Build Cyrus SASL

    # sudo pkg install pkg:/developer/build/make system/header developer/gcc-3 text/gnu-grep database/berkeleydb-5

    # echo $PATH
    /usr/sbin:/usr/bin
    # export PATH=$PATH:/usr/gnu/bin:/usr/sfw/bin
    • At this time it will not compile, so alter the following lines.
    # gzip -dc cyrus-sasl-2.1.25.tar.gz | tar xf -
    # cd cyrus-sasl-2.1.25

    # vi ./lib/saslutil.c ./plugins/kerberos4.c ./plugins/digestmd5.c utils/Makefile.am
    ./lib/saslutil.c
    85c85
    extern int gethostname(char *, int);
    change to:
    extern int gethostname(char *, unsigned int);

    ./plugins/kerberos4.c
    113c113
    extern int gethostname(char *, int);
    change to:
    extern int gethostname(char *, unsigned int);

    ./plugins/digestmd5.c
    106c106
    extern int gethostname(char *, int);
    change to:
    extern int gethostname(char *, unsigned int);

    ./utils/Makefile.am
    59a60,62
    add the following lines:
    saslpasswd2_LDFLAGS = -rpath $(libdir)
    dbconverter_2_LDFLAGS = -rpath $(libdir)
    pluginviewer_LDFLAGS = -rpath $(libdir)
    • Now we are ready for building.
    # ./configure --enable-cram --enable-digest --enable-plain \
              --enable-login --disable-krb4 --disable-anon \
              --disable-gssapi --with-saslauthd=/var/run/saslauthd
    # make
    # sudo make install
    •  Add the following links:
    # sudo ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
    # sudo ln -s /usr/local/lib/libsasl2.so.2.0.25 /usr/lib/libsasl2.so.2
    Build Sendmail
    • Stop existing sendmail processes.
    # sudo svcadm disable svc:/network/smtp:sendmail
    # sudo svcadm disable svc:/network/sendmail-client:default

    # gzip -dc sendmail.8.14.5.tar.gz | tar xf -
    # cd sendmail-8.14.5
    • Set up sendmail FEATURES (SSL, SASL, DB)
    # cat > devtools/Site/site.config.m4 << 'EOF'
    dnl ### Changes to disable the default NIS support
    APPENDDEF(`confENVDEF', `-UNIS')

    dnl ### Changes for STARTTLS support
    APPENDDEF(`confENVDEF',`-DSTARTTLS')
    APPENDDEF(`confLIBS', `-lssl -lcrypto')
    APPENDDEF(`confLIBDIRS', `-L/usr/local/lib -L/usr/lib -R/usr/lib')
    APPENDDEF(`confINCDIRS', `-I/usr/include/openssl')

    dnl ### SASL support
    APPENDDEF(`confENVDEF', `-DSASL=2')
    APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
    APPENDDEF(`confINCDIRS', `-I/usr/local/sasl -I/usr/include')

    dnl ### Berkeley DB support
    APPENDDEF(`confENVDEF', `-DNEWDB')
    APPENDDEF(`confINCDIRS', `-I/usr/include')
    APPENDDEF(`confLIBDIRS', `-L/usr/lib')

    dnl ### TCP Wrapper
    APPENDDEF(`confENVDEF', `-DTCPWRAPPERS')
    APPENDDEF(`conf_sendmail_LIBS', `-lwrap')
    EOF
    #
    •  Build Sendmail
    # ./Build -c
    /* It should build but ignore the gtroff:error at the end */
    # sudo mv /usr/lib/sendmail /usr/lib/sendmail_orig
    # sudo cp obj.SunOS.5.11.i86pc/sendmail/sendmail /usr/lib/sendmail
    # sudo chgrp smmsp /usr/lib/sendmail
    # sudo chmod g+s,u-ws /usr/lib/sendmail
    • Now add Vendor and SASL support to the sendmail.cf file (I hope you know what you are doing here)
    • Edit sendmail.mc and add the extra lines:
    define(`VENDOR_NAME', `Berkeley')
    define(`confAUTH_OPTIONS', `A')dnl
    TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl


    # cd /etc/mail/cf/cf
    # cat sendmail.mc
    divert(0)dnl
    VERSIONID(`sendmail.mc (Sun)')
    define(`VENDOR_NAME', `Berkeley')
    OSTYPE(`solaris11')dnl
    DOMAIN(`solaris-generic')dnl
    define(`confAUTH_OPTIONS', `A')dnl
    TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
    MAILER(`local')dnl
    MAILER(`smtp')dnl

    LOCAL_NET_CONFIG
    R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3
    #
    # sudo make sendmail.cf
    # sudo cp sendmail.cf ../../sendmail.cf

    # sudo /usr/lib/sendmail -bt -d0 < /dev/null
    Version 8.14.5
    Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
        NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB PIPELINING
        SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
    Setup sasl authentication server
    • Now let's set up the SASL plugin via a Sendmail.conf
    # sudo cat > /usr/local/lib/sasl2/Sendmail.conf << EOF
    pwcheck_method: saslauthd
    EOF
    #
    • For authentication to work saslauthd has to be running, so you can start it as a one-off process (good for debugging) and at boot time.
    # sudo /usr/local/sbin/saslauthd -n 1 -V -d -a pam
    saslauthd[398] :main : num_procs : 1
    saslauthd[398] :main : mech_option: NULL
    saslauthd[398] :main : run_path : /var/run/saslauthd
    saslauthd[398] :main : auth_mech : pam
    saslauthd[398] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept
    saslauthd[398] :detach_tty : master pid is: 0
    saslauthd[398] :ipc_init : listening on socket: /var/run/saslauthd/mux
    saslauthd[398] :main : using process model
    saslauthd[398] :get_accept_lock : acquired accept lock
    • To set it up at boot time we should set up a service, but for now we will stick to init.d files.
    # cat > /etc/init.d/saslauthd << 'EOF'
    #!/usr/sbin/sh
    #
    NAME=saslauthd
    DAEMON="/usr/local/sbin/${NAME}"
    DESC="SASL Authentication Daemon"

    # -a Selects the authentication mechanism to use.
    # -n Number of worker processes to create.
    # -V Enable verbose logging
    # -d Debugging (don't detach from tty, implies -V)

    case "$1" in
    'start')
    # No -d here: the daemon has to detach so the rc script returns at boot.
    ${DAEMON} -n 1 -V -a pam
    ;;

    'stop')
    # pkill, not pgrep: pgrep only lists the PIDs and stops nothing.
    pkill -x "${NAME}"
    ;;

    *)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
    esac
    EOF
    #
    # cd /etc
    # sudo ln init.d/saslauthd rc0.d/K38saslauthd
    # sudo ln init.d/saslauthd rc1.d/K38saslauthd
    # sudo ln init.d/saslauthd rc2.d/S82saslauthd
    # sudo ln init.d/saslauthd rcS.d/K38saslauthd
    • Time for some testing, first via the SASL daemon.
    # cyrus-sasl-2.1.25/saslauthd/testsaslauthd -u RealUser -p MyPassword
    0: OK "Success."
    • We need the base64-encoded username and password (encoded, not encrypted) to test sendmail:
    # perl -MMIME::Base64 -e 'print encode_base64("\000MyUser\000MyPassword")'
    AE15VXNlcgBNeVBhc3N3b3Jk
    • Test the sendmail part:
    # sudo /usr/lib/sendmail -bv  -O LogLevel=14 -bs -Am
    220 mailer5.dcs.bbk.ac.uk ESMTP Sendmail 8.14.5/8.14.5; Tue, 31 Jan 2012 09:52:24 GMT
    EHLO localhost
    250-mailer5.dcs.bbk.ac.uk Hello root@localhost, pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-EXPN
    250-VERB
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
    250-DELIVERBY
    250 HELP
    AUTH PLAIN AE15VXNlcgBNeVBhc3N3b3Jk
    235 2.0.0 OK Authenticated
    quit
    221 2.0.0 mailer5.dcs.bbk.ac.uk closing connection
    • That is it.
    References:
    - Guía Instalación de Sendmail con SMTP-AUTH y (tema #2688)
    - Sendmail-SMTP-AUTH-TLS-Howto
    - OpenSolaris Sendmail Auth
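What the AUTH PLAIN string in the test session actually contains, as an added example that is not part of the original post: the token is base64 of NUL, user, NUL, password, so anyone who captures the session can reverse it. The function names are hypothetical and a base64(1) utility (GNU coreutils) is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# assumes a base64(1) utility such as the one in GNU coreutils.

# Build the AUTH PLAIN initial response: authzid NUL authcid NUL password,
# base64-encoded. The authzid is left empty, as in the post's perl one-liner.
plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Reverse it. NULs are shown as ':' so the three fields stay visible.
plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' ':'
}

# From a captured EHLO reply on stdin, print the mechanisms on the AUTH line
# that hand the server a reusable cleartext password.
cleartext_mechs() {
    sed -n 's/^250[- ]AUTH //p' | tr -d '\r' | tr ' ' '\n' |
        grep -E '^(PLAIN|LOGIN)$' | tr '\n' ' ' | sed 's/ $//'
}

# Demo: the token from the post and the EHLO reply abridged from its session.
ehlo_reply='250-mailer5.dcs.bbk.ac.uk Hello root@localhost, pleased to meet you
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP'
echo "token:   $(plain_token MyUser MyPassword)"
echo "decoded: $(plain_decode AE15VXNlcgBNeVBhc3N3b3Jk)"
echo "cleartext mechanisms offered: $(printf '%s\n' "$ehlo_reply" | cleartext_mechs)"
```

With `pwcheck_method: saslauthd` only PLAIN and LOGIN can be verified, because saslauthd needs the cleartext password. Adding `p` to `confAUTH_OPTIONS` makes sendmail withhold those mechanisms until a security layer such as STARTTLS is active.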

    Tuesday, January 31, 2012

    Can Solaris 11 Sendmail / SASL handle SMTP AUTH

    I thought I would finally get SMTP AUTH working on my Solaris 11 servers, so that I could then setup my phone to send e-mail correctly.

    So can you do it with default Solaris 11 software?
    If you can't wait the answer is NO! but here is what I tried just in case someone can solve the problem.

    • First Solaris 11 comes with Sendmail and SASL, but worst luck Sendmail has not been built with SASL support (you see the following when you edit sendmail.cf. see later).
    # sudo /usr/lib/sendmail -d0 -bt < /dev/null
    Version 8.14.5+Sun
    Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
    MIME8TO7 NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB NIS
    PIPELINING SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT
    XDEBUG
    Warning: Option: AuthMechanisms requires SASL support (-DSASL)
    Warning: Option: AuthOptions requires SASL support (-DSASL)
    • Let's try compiling sendmail to see if Solaris SASL can work!
    • Install the packages which we require and download sendmail 8.14.5
    # sudo pkg install pkg:/developer/build/make system/header developer/gcc-3 text/gnu-grep database/berkeleydb-5

    # echo $PATH
    /usr/sbin:/usr/bin
    # export PATH=$PATH:/usr/gnu/bin:/usr/sfw/bin
    • Stop existing sendmail processes.
    # sudo svcadm disable svc:/network/smtp:sendmail
    # sudo svcadm disable svc:/network/sendmail-client:default

    # gzip -dc sendmail.8.14.5.tar.gz | tar xf -
    # cd sendmail-8.14.5
    • Set up sendmail FEATURES (SSL, SASL, DB)
    # cat > devtools/Site/site.config.m4 << 'EOF'
    dnl ### Changes for STARTTLS support
    APPENDDEF(`confENVDEF',`-DSTARTTLS')
    APPENDDEF(`confLIBS', `-lssl -lcrypto')
    APPENDDEF(`confLIBDIRS', `-L/usr/lib -R/usr/lib')
    APPENDDEF(`confINCDIRS', `-I/usr/include/openssl')

    dnl ### SASL support
    APPENDDEF(`confENVDEF', `-DSASL')
    APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
    APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')

    dnl ### Berkeley DB support
    APPENDDEF(`confENVDEF', `-DNEWDB')
    APPENDDEF(`confINCDIRS', `-I/usr/include')
    APPENDDEF(`confLIBDIRS', `-L/usr/lib')
    EOF
    •  Build Sendmail
    # ./Build -c
    /* It should build but ignore the gtroff:error at the end */
    # sudo mv /usr/lib/sendmail /usr/lib/sendmail_orig
    # sudo cp obj.SunOS.5.11.i86pc/sendmail/sendmail /usr/lib/sendmail
    # sudo chgrp smmsp /usr/lib/sendmail
    # sudo chmod g+s,u-ws /usr/lib/sendmail
    • Now add Vendor and SASL support to the sendmail.cf file (I hope you know what you are doing here)
    • Edit sendmail.mc and add the extra lines:
    define(`VENDOR_NAME', `Berkeley')
    define(`confAUTH_OPTIONS', `A')dnl
    TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl


    # cd /etc/mail/cf/cf
    # cat sendmail.mc
    divert(0)dnl
    VERSIONID(`sendmail.mc (Sun)')
    define(`VENDOR_NAME', `Berkeley')
    OSTYPE(`solaris11')dnl
    DOMAIN(`solaris-generic')dnl
    define(`confAUTH_OPTIONS', `A')dnl
    TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
    MAILER(`local')dnl
    MAILER(`smtp')dnl

    LOCAL_NET_CONFIG
    R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3
    #
    # sudo make sendmail.cf
    # sudo cp sendmail.cf ../../sendmail.cf

    # sudo /usr/lib/sendmail -bt -d0 < /dev/null
    Version 8.14.5
    Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
    NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB PIPELINING
    SASLv2 SCANF STARTTLS USERDB XDEBUG
    • Now let's set up the SASL plugin via a Sendmail.conf
    # cat > /etc/sasl/Sendmail.conf
    # pw_check: shadow
    • I have tried the following in the above with no luck: shadow,pam,auxprop, but none seem to check password information.
    • Testing, but first we need the base64-encoded username and password (encoded, not encrypted):
    # perl -MMIME::Base64 -e 'print encode_base64("\000MyUser\000MyPassword")'
    AE15VXNlcgBNeVBhc3N3b3Jk
    • Test the sendmail part:
    # sudo /usr/lib/sendmail -bv  -O LogLevel=14 -bs -Am
    220 mailer5.dcs.bbk.ac.uk ESMTP Sendmail 8.14.5/8.14.5; Tue, 31 Jan 2012 09:52:24 GMT
    EHLO localhost
    250-mailer5.dcs.bbk.ac.uk Hello root@localhost, pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-EXPN
    250-VERB
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN
    250-DELIVERBY
    250 HELP
    AUTH PLAIN AE15VXNlcgBNeVBhc3N3b3Jk
    535 5.7.0 authentication failed
    Jan 31 09:52:35 mailer5 sendmail[5928]: Password verification failed
    Jan 31 09:52:35 mailer5 sendmail[5928]: q0V9qOd1005928: AUTH failure (PLAIN): user not found (-20) SASL(-13): user not found: Password verification failed, relay=root@localhost
    quit
    221 2.0.0 mailer5.dcs.bbk.ac.uk closing connection
    • So no luck, if you can spot anything I am doing wrong please let me know.
    • I will post shortly how to get over the above.
    References:
    - Guía Instalación de Sendmail con SMTP-AUTH y (tema #2688)
    - Sendmail-SMTP-AUTH-TLS-Howto
    - OpenSolaris Sendmail Auth

    Thursday, February 17, 2011

    Oracle Support Cost so high why would you buy Sun Hardware now

    I work in education (UK, University) and we have bought a lot of Sun hardware over the years. Yes, the hardware was always a little more expensive, but I always found it more reliable and you had Solaris running on it which meant you had a world class system.

    Well, how things have changed since Oracle have taken over, and the cost of running a Solaris system is out of reach of most people and businesses now.

    Oracle Premier Support cost is 12% of cost of hardware Per Year!

    Let's compare this with HP and Microsoft Windows.

    HP System & MS Windows
    HP ProLiant DL380 system £3292
    HP 5 year Hardware support £495
    Microsoft Server 2008 Academic Lic * £93
    Total Support Cost for 5 years (3.5% p/y) £588
    How much would it cost me with Oracle Support rates (with Solaris) for 5 years (12% p/y) £1975
     
    Sun/Oracle & Solaris
    Sun Fire X4170 2CPU+32GB £6250
    Oracle 5 Year Premier Support (£750 per year) £3750
    Sun Fire X4170 2CPU+32GB (bought from SUN 2010), Support costs us approx £130 per year £650


    * Microsoft Server 2008 Academic Lic
    I think I need to clarify the cheap Microsoft license. Since we are a University we can use the Microsoft Campus Enrollment, which allows us to obtain many Microsoft products at heavily discounted prices. But what about support? I am trying to check what telephone support level we get, but one thing is for sure: you can obtain software updates, patches and hot fixes as part of the deal. This is the thing which Oracle is missing, or I have not managed to speak to someone who can give me a better answer.