source: postlfs/security/cyrus-sasl.xml@ 01dfd54

gnome
Last change on this file since 01dfd54 was 01dfd54, checked in by Christopher Gregory <cjg@…>, 10 years ago

Added systemd notes to cyrus-sasl page

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/gnome@13389 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 13.7 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http " ">
8 <!ENTITY cyrus-sasl-download-ftp "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
9 <!ENTITY cyrus-sasl-md5sum "a7f4e5e559a0e37b3ffc438c9456e425">
10 <!ENTITY cyrus-sasl-size "5.0 MB">
11 <!ENTITY cyrus-sasl-buildsize "30 MB">
12 <!ENTITY cyrus-sasl-time "0.5 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Cyrus SASL-&cyrus-sasl-version;</title>
24
25 <indexterm zone="cyrus-sasl">
26 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Cyrus SASL</title>
31
32 <para>
33 The <application>Cyrus SASL</application> package contains a Simple
34 Authentication and Security Layer, a method for adding authentication
35 support to connection-based protocols. To use SASL, a protocol includes
36 a command for identifying and authenticating a user to a server and for
37 optionally negotiating protection of subsequent protocol interactions.
38 If its use is negotiated, a security layer is inserted between the
39 protocol and the connection.
40 </para>
41
42 &lfs75_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
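58 Download MD5 sum: &cyrus-sasl-md5sum; (MD5 is no longer collision-resistant; if upstream publishes a signature or a stronger digest for this tarball, verify that as well)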
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &cyrus-sasl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &cyrus-sasl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &cyrus-sasl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-1.patch"/>
84 </para>
85 </listitem>
86 </itemizedlist>
87
88 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
89
90 <bridgehead renderas="sect4">Required</bridgehead>
91 <para role="required">
92 <xref linkend="openssl"/>
93 </para>
94
95 <bridgehead renderas="sect4">Recommended</bridgehead>
96 <para role="recommended">
97 <xref linkend="db"/>
98 </para>
99
100 <bridgehead renderas="sect4">Optional</bridgehead>
101 <para role="optional">
102 <xref linkend="linux-pam"/>,
103 <xref linkend="mitkrb"/>,
104 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
105 <xref linkend="openjdk"/>,
106 <xref linkend="openldap"/>,
107 <xref linkend="postgresql"/>,
108 <xref linkend="sqlite"/>,
109 <ulink url="ftp://ftp.pdc.kth.se/pub/krb/src/">krb4</ulink> and
110 <ulink url="http://dmalloc.com/">Dmalloc</ulink>
111 </para>
112
113 <para condition="html" role="usernotes">User Notes:
114 <ulink url="&blfs-wiki;/cyrus-sasl"/>
115 </para>
116 </sect2>
117
118 <sect2 role="installation">
119 <title>Installation of Cyrus SASL</title>
120
121 <note>
122 <para>
123 This package does not support parallel build.
124 </para>
125 </note>
126
127 <para>
128 Install <application>Cyrus SASL</application> by
129 running the following commands:
130 </para>
131
132<screen><userinput>patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-fixes-1.patch &amp;&amp;
133autoreconf -fi &amp;&amp;
134pushd saslauthd &amp;&amp;
135autoreconf -fi &amp;&amp;
136popd &amp;&amp;
137./configure --prefix=/usr \
138 --sysconfdir=/etc \
139 --enable-auth-sasldb \
140 --with-dbpath=/var/lib/sasl/sasldb2 \
141 --with-saslauthd=/var/run/saslauthd \
142 CFLAGS=-fPIC &amp;&amp;
143make -j1</userinput></screen>
144
145 <para>
146 This package does not come with a test suite. If you are planning
147 on using the GSSAPI authentication mechanism, it is recommended to test
148 it after installing the package using the sample server and client
149 programs which were built in the preceding step. Instructions for
150 performing the tests can be found at
151 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
152 </para>
153
154 <para>
155 Now, as the <systemitem class="username">root</systemitem> user:
156 </para>
157
158<screen role="root"><userinput>make install &amp;&amp;
159install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
160install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
161 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
162install -v -dm700 /var/lib/sasl</userinput></screen>
163
164 </sect2>
165
166 <sect2 role="commands">
167 <title>Command Explanations</title>
168
169 <para>
170 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
171 switch forces the <command>sasldb</command> database to be created
172 in <filename class="directory">/var/lib/sasl</filename> instead of
173 <filename class="directory">/etc</filename>.
174 </para>
175
176 <para>
177 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
178 switch forces <command>saslauthd</command> to use the FHS-compliant
179 directory <filename class="directory">/var/run/saslauthd</filename>
180 for variable run-time data.
181 </para>
182
183 <para>
184 <parameter>CFLAGS=-fPIC</parameter>: This ensures that the package can build
185 on x86_64.
186 </para>
187
188 <para>
189 <parameter>--enable-auth-sasldb</parameter>: This switch enables
190 the SASLDB authentication backend.
191 </para>
192
193 <para>
194 <parameter>--with-dblib=gdbm</parameter>: This switch forces
195 <application>GDBM</application> to be used instead of
196 <application>Berkeley DB</application>.
197 </para>
198
199 <para>
200 <option>--with-ldap</option>: This switch enables the
201 <application>OpenLDAP</application> support.
202 </para>
203
204 <para>
205 <option>--enable-ldapdb</option>: This switch enables the
206 LDAPDB authentication backend. There is a circular dependency with this
207 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
208 this problem.
209 </para>
210
211 <para>
212 <option>--enable-java</option>: This switch enables compiling of the
213 <application>Java</application> support libraries.
214 </para>
215
216 <para>
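217 <option>--enable-login</option>: This option enables the unsupported
218 LOGIN authentication mechanism. LOGIN sends the password to the server merely base64-encoded, so it should only be offered over an encrypted (TLS) connection.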
219 </para>
220
221 <para>
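222 <option>--enable-ntlm</option>: This option enables the unsupported
223 NTLM authentication mechanism. NTLM is a legacy challenge-response scheme with known weaknesses; enable it only if existing clients require it.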
224 </para>
225
226 <para>
227 <command>install -v -m644 ...</command>: These commands
228 install documentation which is not installed by the
229 <command>make install</command> command.
230 </para>
231
232 <para>
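233 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
234 must exist when starting <command>saslauthd</command> or using the
235 sasldb plugin. If you're not going to be running the daemon or
236 using the plugins, you may omit the creation of this directory. Mode 700 restricts the directory, and with it the <filename>sasldb2</filename> password database placed there by <parameter>--with-dbpath</parameter>, to <systemitem class="username">root</systemitem>.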
237 </para>
238
239 </sect2>
240
241 <sect2 role="configuration">
242 <title>Configuring Cyrus SASL</title>
243
244 <sect3 id="cyrus-sasl-config">
245 <title>Config Files</title>
246
247 <para>
248 <filename>/etc/saslauthd.conf</filename>
249 (for <command>saslauthd</command> LDAP configuration) and
250 <filename>/etc/sasl2/Appname.conf</filename>
251 (where "Appname" is the application-defined name of the application)
252 </para>
253
254 <indexterm zone="cyrus-sasl cyrus-sasl-config">
255 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
256 </indexterm>
257
258 </sect3>
259
260 <sect3>
261 <title>Configuration Information</title>
262
263 <para>
264 See
265 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
266 for information on what to include in the application configuration files.
267 </para>
268
269 <para>
270 See
271 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
272 for configuring <command>saslauthd</command> with
273 <application>OpenLDAP</application>.
274 </para>
275
276 <para>
277 See
278 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
279 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
280 </para>
281
282 </sect3>
283
284 <sect3 id="cyrus-sasl-init">
285 <title>Init Script</title>
286
287 <para>
288 If you need to run the <command>saslauthd</command> daemon at system
289 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
290 init script included in the <xref linkend="bootscripts"/>
291 package using the following command:
292 </para>
293
294 <indexterm zone="cyrus-sasl cyrus-sasl-init">
295 <primary sortas="f-saslauthd">saslauthd</primary>
296 </indexterm>
297
298<screen role="root"><userinput>make install-saslauthd</userinput></screen>
299
300 <note>
301 <para>
302 You'll need to modify /etc/sysconfig/saslauthd and replace the
303 <option><replaceable>AUTHMECH</replaceable></option> parameter
304 with your desired authentication mechanism.
305 </para>
306 </note>
307
308 </sect3>
309
310 <sect3 id="cyrus-sasl-systemd">
311 <title>Systemd Unit File</title>
312
313 <para>
314 As an alternative to the classic boot script, the systemd-units package
315 provides native unit files. Install the systemd unit included in the <xref linkend="systemd-units"/>
316 package using the following command:
317 </para>
318
319 <indexterm zone="cyrus-sasl cyrus-sasl-systemd">
320 <primary sortas="f-saslauthd">saslauthd</primary>
321 </indexterm>
322
323<screen role="root"><userinput>make install-saslauthd</userinput></screen>
324
325 <note>
326 <para>
327 The default authentication method is "shadow"; the /etc/default/saslauthd
328 file needs to be modified to use anything else.
329 </para>
330 </note>
331
332 </sect3>
333
334 </sect2>
335
336 <sect2 role="content">
337 <title>Contents</title>
338
339 <segmentedlist>
340 <segtitle>Installed Programs</segtitle>
341 <segtitle>Installed Library</segtitle>
342 <segtitle>Installed Directories</segtitle>
343
344 <seglistitem>
345 <seg>
346 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
347 testsaslauthd
348 </seg>
349 <seg>
350 libsasl2.so
351 </seg>
352 <seg>
353 /usr/include/sasl,
354 /usr/lib/sasl2,
355 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
356 /var/lib/sasl
357 </seg>
358 </seglistitem>
359 </segmentedlist>
360
361 <variablelist>
362 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
363 <?dbfo list-presentation="list"?>
364 <?dbhtml list-presentation="table"?>
365
366 <varlistentry id="pluginviewer">
367 <term><command>pluginviewer</command></term>
368 <listitem>
369 <para>
370 is used to list loadable SASL plugins and their properties.
371 </para>
372 <indexterm zone="cyrus-sasl pluginviewer">
373 <primary sortas="b-pluginviewer">pluginviewer</primary>
374 </indexterm>
375 </listitem>
376 </varlistentry>
377
378 <varlistentry id="saslauthd">
379 <term><command>saslauthd</command></term>
380 <listitem>
381 <para>
382 is the SASL authentication server.
383 </para>
384 <indexterm zone="cyrus-sasl saslauthd">
385 <primary sortas="b-saslauthd">saslauthd</primary>
386 </indexterm>
387 </listitem>
388 </varlistentry>
389
390 <varlistentry id="sasldblistusers2">
391 <term><command>sasldblistusers2</command></term>
392 <listitem>
393 <para>
394 is used to list the users in the SASL password database
395 <filename>sasldb2</filename>.
396 </para>
397 <indexterm zone="cyrus-sasl sasldblistusers2">
398 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
399 </indexterm>
400 </listitem>
401 </varlistentry>
402
403 <varlistentry id="saslpasswd2">
404 <term><command>saslpasswd2</command></term>
405 <listitem>
406 <para>
407 is used to set and delete a user's SASL password and
408 mechanism specific secrets in the SASL password
409 database <filename>sasldb2</filename>.
410 </para>
411 <indexterm zone="cyrus-sasl saslpasswd2">
412 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
413 </indexterm>
414 </listitem>
415 </varlistentry>
416
417 <varlistentry id="testsaslauthd">
418 <term><command>testsaslauthd</command></term>
419 <listitem>
420 <para>
421 is a test utility for the SASL authentication server.
422 </para>
423 <indexterm zone="cyrus-sasl testsaslauthd">
424 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
425 </indexterm>
426 </listitem>
427 </varlistentry>
428
429 <varlistentry id="libsasl2">
430 <term><filename class="libraryfile">libsasl2.so</filename></term>
431 <listitem>
432 <para>
433 is a general purpose authentication library for server
434 and client applications.
435 </para>
436 <indexterm zone="cyrus-sasl libsasl2">
437 <primary sortas="c-libsasl2">libsasl2.so</primary>
438 </indexterm>
439 </listitem>
440 </varlistentry>
441
442 </variablelist>
443
444 </sect2>
445
446</sect1>