Context Navigation

source: postlfs/security/cyrus-sasl.xml@ 53d31c69

Visit:

gimp3 lazarus trunk

Last change on this file since 53d31c69 was 1241ea19, checked in by Bruce Dubbs <bdubbs@…>, 5 months ago
Tag xfce and dependencies
Property mode set to `100644`
File size: 14.2 KB

Rev	Line
[ab4fdfc]	1	<?xml version="1.0" encoding="UTF-8"?>
[6732c094]	2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
[da4aff6]	4	<!ENTITY % general-entities SYSTEM "../../general.ent">
	5	%general-entities;
	6
[99c5223]	7	<!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
[2c7f15e]	8	<!ENTITY cyrus-sasl-download-ftp " ">
[4483a9a]	9	<!ENTITY cyrus-sasl-md5sum "6f228a692516f5318a64505b46966cfa">
[ebf10d3e]	10	<!ENTITY cyrus-sasl-size "3.9 MB">
[4483a9a]	11	<!ENTITY cyrus-sasl-buildsize "28 MB">
	12	<!ENTITY cyrus-sasl-time "0.2 SBU">
[da4aff6]	13	]>
	14
	15	<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
[1cc0752]	16	<?dbhtml filename="cyrus-sasl.html"?>
	17
	18
	19	<title>Cyrus SASL-&cyrus-sasl-version;</title>
	20
	21	<indexterm zone="cyrus-sasl">
	22	<primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
	23	</indexterm>
	24
	25	<sect2 role="package">
	26	<title>Introduction to Cyrus SASL</title>
	27
[faf325d]	28	<para>
	29	The <application>Cyrus SASL</application> package contains a Simple
[4483a9a]	30	Authentication and Security Layer implementation, a method for adding
	31	authentication support to connection-based protocols. To use SASL, a
	32	protocol includes a command for identifying and authenticating a user to
	33	a server and for optionally negotiating protection of subsequent protocol
	34	interactions. If its use is negotiated, a security layer is inserted
	35	between the protocol and the connection.
[faf325d]	36	</para>
[1cc0752]	37
[1241ea19]	38	&lfs121_checked;
[fae66a0]	39
[7ffeb4bd]	40	<!-- To test this package at freeze, run the following command:
	41	testsaslauthd -u <current user> -p <password>
	42	after saslauthd is started. -->
[1cc0752]	43	<bridgehead renderas="sect3">Package Information</bridgehead>
	44	<itemizedlist spacing="compact">
	45	<listitem>
[faf325d]	46	<para>
	47	Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
	48	</para>
[1cc0752]	49	</listitem>
	50	<listitem>
[faf325d]	51	<para>
	52	Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
	53	</para>
[1cc0752]	54	</listitem>
	55	<listitem>
[faf325d]	56	<para>
	57	Download MD5 sum: &cyrus-sasl-md5sum;
	58	</para>
[1cc0752]	59	</listitem>
	60	<listitem>
[faf325d]	61	<para>
	62	Download size: &cyrus-sasl-size;
	63	</para>
[1cc0752]	64	</listitem>
	65	<listitem>
[faf325d]	66	<para>
	67	Estimated disk space required: &cyrus-sasl-buildsize;
	68	</para>
[1cc0752]	69	</listitem>
	70	<listitem>
[faf325d]	71	<para>
	72	Estimated build time: &cyrus-sasl-time;
	73	</para>
[1cc0752]	74	</listitem>
	75	</itemizedlist>
[d9914a3]	76
[4483a9a]	77	<!-- Not needed anymore
[fae66a0]	78	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
	79	<itemizedlist spacing="compact">
	80	<listitem>
[faf325d]	81	<para>
	82	Required patch:
[d9914a3]	83	<ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-doc_fixes-1.patch"/>
	84	</para>
[fae66a0]	85	</listitem>
[4483a9a]	86	<!- -<listitem>
[a4f37269]	87	<para>
	88	Required patch:
	89	<ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
	90	</para>
[4483a9a]	91	</listitem>- ->
[fae66a0]	92	</itemizedlist>
[4483a9a]	93	-->
[d9914a3]	94
[ebf10d3e]	95	<bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
	96
[fae66a0]	97	<bridgehead renderas="sect4">Recommended</bridgehead>
[faf325d]	98	<para role="recommended">
[7167f30]	99	<xref linkend="lmdb"/>
[faf325d]	100	</para>
[fae66a0]	101
[1cc0752]	102	<bridgehead renderas="sect4">Optional</bridgehead>
[faf325d]	103	<para role="optional">
	104	<xref linkend="linux-pam"/>,
	105	<xref linkend="mitkrb"/>,
[cd29bc9]	106	<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
[faf325d]	107	<xref linkend="openldap"/>,
	108	<xref linkend="postgresql"/>,
[c10acfe]	109	<xref linkend="sphinx"/>,
[faf325d]	110	<xref linkend="sqlite"/>,
[dcd5a063]	111	&berkeley-db;,
[ba718791]	112	<ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink>,
[c10acfe]	113	<ulink url="https://dmalloc.com/">Dmalloc</ulink>, and
	114	<ulink url="https://metacpan.org/pod/Pod::POM::View::Restructured">Pod::POM::View::Restructured</ulink>
[faf325d]	115	</para>
[1cc0752]	116
	117	</sect2>
	118
	119	<sect2 role="installation">
	120	<title>Installation of Cyrus SASL</title>
	121
[b412c90f]	122	<note>
	123	<para>
	124	This package does not support parallel build.
	125	</para>
	126	</note>
	127
[d9914a3]	128	<!-- Without this patch, having Sphinx and/or doctools (doctools not tested)
	129	on the system causes an FTBFS when man pages are generated. The Sphinx
	130	and Docutils API has changed significantly between Sphinx-{1,2} and
[4483a9a]	131	Sphinx-3.0.
[d9914a3]	132
	133	<para>
	134	First, fix a build failure if Sphinx or
	135	<xref role="nodep" linkend="docutils"/> is installed on the system:
	136	</para>
	137
	138	<screen><userinput remap="pre">patch -Np1 -i ../cyrus-sasl-2.1.27-doc_fixes-1.patch</userinput></screen>
[4483a9a]	139	-->
[d9914a3]	140
[faf325d]	141	<para>
	142	Install <application>Cyrus SASL</application> by
	143	running the following commands:
	144	</para>
[1cc0752]	145
[ebf10d3e]	146	<screen><userinput>./configure --prefix=/usr \
[15fc6d6]	147	--sysconfdir=/etc \
	148	--enable-auth-sasldb \
[7167f30]	149	--with-dblib=lmdb \
[a8c9494]	150	--with-dbpath=/var/lib/sasl/sasldb2 \
[dcb7f66]	151	--with-sphinx-build=no \
[643ea8d7]	152	--with-saslauthd=/var/run/saslauthd &&
[b412c90f]	153	make -j1</userinput></screen>
[305e60de]	154
[faf325d]	155	<para>
	156	This package does not come with a test suite. If you are planning
[ebf10d3e]	157	on using the GSSAPI authentication mechanism, test
[faf325d]	158	it after installing the package using the sample server and client
	159	programs which were built in the preceding step. Instructions for
	160	performing the tests can be found at
	161	<ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
	162	</para>
[1f01e700]	163
[faf325d]	164	<para>
	165	Now, as the <systemitem class="username">root</systemitem> user:
	166	</para>
[305e60de]	167
[1cc0752]	168	<screen role="root"><userinput>make install &&
[ebf10d3e]	169	install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &&
[b0c1bf3]	170	install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &&
[07ea289]	171	install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &&
[faf325d]	172	install -v -dm700 /var/lib/sasl</userinput></screen>
[da4aff6]	173
[1cc0752]	174	</sect2>
	175
	176	<sect2 role="commands">
	177	<title>Command Explanations</title>
	178
[faf325d]	179	<para>
	180	<parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
	181	switch forces the <command>sasldb</command> database to be created
	182	in <filename class="directory">/var/lib/sasl</filename> instead of
	183	<filename class="directory">/etc</filename>.
	184	</para>
	185
	186	<para>
	187	<parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
	188	switch forces <command>saslauthd</command> to use the FHS compliant
	189	directory <filename class="directory">/var/run/saslauthd</filename>
	190	for variable run-time data.
	191	</para>
	192
[a5ce76f]	193	<para>
	194	<parameter>--enable-auth-sasldb</parameter>: This switch enables
	195	SASLDB authentication backend.
	196	</para>
	197
[faf325d]	198	<para>
[f859e6fd]	199	<option>--with-dblib=gdbm</option>: This switch forces
[faf325d]	200	<application>GDBM</application> to be used instead of
[7167f30]	201	<application>LMDB</application>.
[faf325d]	202	</para>
	203
	204	<para>
	205	<option>--with-ldap</option>: This switch enables the
	206	<application>OpenLDAP</application> support.
	207	</para>
	208
	209	<para>
	210	<option>--enable-ldapdb</option>: This switch enables the
[14891a90]	211	LDAPDB authentication backend.
[faf325d]	212	</para>
	213
[fb1f32b]	214	<!-- Removed in 2.1.28
[faf325d]	215	<para>
[fb1f32b]	216	<option>- -enable-java</option>: This switch enables compiling of the
[faf325d]	217	<application>Java</application> support libraries.
	218	</para>
[fb1f32b]	219	-->
[faf325d]	220
	221	<para>
	222	<option>--enable-login</option>: This option enables unsupported
	223	LOGIN authentication.
	224	</para>
	225
	226	<para>
	227	<option>--enable-ntlm</option>: This option enables unsupported
	228	NTLM authentication.
	229	</para>
	230
	231	<para>
	232	<command>install -v -m644 ...</command>: These commands
	233	install documentation which is not installed by the
	234	<command>make install</command> command.
	235	</para>
	236
	237	<para>
	238	<command>install -v -m700 -d /var/lib/sasl</command>: This directory
	239	must exist when starting <command>saslauthd</command> or using the
	240	sasldb plugin. If you're not going to be running the daemon or
	241	using the plugins, you may omit the creation of this directory.
	242	</para>
[1cc0752]	243
	244	</sect2>
	245
	246	<sect2 role="configuration">
	247	<title>Configuring Cyrus SASL</title>
	248
	249	<sect3 id="cyrus-sasl-config">
	250	<title>Config Files</title>
	251
[faf325d]	252	<para>
	253	<filename>/etc/saslauthd.conf</filename>
	254	(for <command>saslauthd</command> LDAP configuration) and
	255	<filename>/etc/sasl2/Appname.conf</filename>
	256	(where "Appname" is the application defined name of the application)
	257	</para>
[1cc0752]	258
	259	<indexterm zone="cyrus-sasl cyrus-sasl-config">
	260	<primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
	261	</indexterm>
	262
	263	</sect3>
	264
	265	<sect3>
	266	<title>Configuration Information</title>
	267
[faf325d]	268	<para>
	269	See
[7ffeb4bd]	270	<ulink url="https://www.cyrusimap.org/sasl/sasl/sysadmin.html"/>
[faf325d]	271	for information on what to include in the application configuration files.
	272	</para>
	273
	274	<para>
	275	See
[0d381254]	276	<ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
[faf325d]	277	for configuring <command>saslauthd</command> with
	278	<application>OpenLDAP</application>.
	279	</para>
	280
	281	<para>
	282	See
[7ffeb4bd]	283	<ulink url="https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi"/>
[faf325d]	284	for configuring <command>saslauthd</command> with <application>Kerberos</application>.
[fae66a0]	285	</para>
[1cc0752]	286
	287	</sect3>
	288
[e445195]	289	<sect3 id="cyrus-sasl-init">
[f586237]	290	<title><phrase revision="sysv">Init Script</phrase>
	291	<phrase revision="systemd">Systemd Unit</phrase></title>
[e445195]	292
[f586237]	293	<para revision="sysv">
[e445195]	294	If you need to run the <command>saslauthd</command> daemon at system
	295	startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
[f586237]	296	init script included in the
	297	<xref linkend="bootscripts"/> package using the following command:
	298	</para>
	299
	300	<para revision="systemd">
	301	If you need to run the <command>saslauthd</command> daemon at system
	302	startup, install the <filename>saslauthd.service</filename> unit
	303	included in the <xref linkend="systemd-units"/> package using the
	304	following command:
[e445195]	305	</para>
	306
	307	<indexterm zone="cyrus-sasl cyrus-sasl-init">
	308	<primary sortas="f-saslauthd">saslauthd</primary>
	309	</indexterm>
	310
	311	<screen role="root"><userinput>make install-saslauthd</userinput></screen>
	312
	313	<note>
	314	<para>
[f586237]	315	You'll need to modify
	316	<filename revision="sysv">/etc/sysconfig/saslauthd</filename>
	317	<filename revision="systemd">/etc/default/saslauthd</filename>
	318	and modify the
	319	<option revision="sysv">AUTHMECH</option>
	320	<option revision="systemd">MECHANISM</option>
	321	parameter with your desired authentication mechanism.
[6fef3c9]	322	<phrase revision="systemd">The default authentication
	323	mechanism is "shadow".</phrase>
[e445195]	324	</para>
	325	</note>
	326
	327	</sect3>
[1cc0752]	328
	329	</sect2>
	330
	331	<sect2 role="content">
	332	<title>Contents</title>
	333
	334	<segmentedlist>
	335	<segtitle>Installed Programs</segtitle>
[faf325d]	336	<segtitle>Installed Library</segtitle>
[1cc0752]	337	<segtitle>Installed Directories</segtitle>
	338
	339	<seglistitem>
[faf325d]	340	<seg>
	341	pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
	342	testsaslauthd
	343	</seg>
	344	<seg>
	345	libsasl2.so
	346	</seg>
	347	<seg>
	348	/usr/include/sasl,
	349	/usr/lib/sasl2,
	350	/usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
	351	/var/lib/sasl
	352	</seg>
[1cc0752]	353	</seglistitem>
	354	</segmentedlist>
	355
	356	<variablelist>
	357	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
	358	<?dbfo list-presentation="list"?>
	359	<?dbhtml list-presentation="table"?>
	360
[fae66a0]	361	<varlistentry id="pluginviewer">
	362	<term><command>pluginviewer</command></term>
	363	<listitem>
[faf325d]	364	<para>
[4c24eb0a]	365	is used to list loadable SASL plugins and their properties
[faf325d]	366	</para>
[fae66a0]	367	<indexterm zone="cyrus-sasl pluginviewer">
	368	<primary sortas="b-pluginviewer">pluginviewer</primary>
	369	</indexterm>
	370	</listitem>
	371	</varlistentry>
	372
[1cc0752]	373	<varlistentry id="saslauthd">
	374	<term><command>saslauthd</command></term>
	375	<listitem>
[faf325d]	376	<para>
[4c24eb0a]	377	is the SASL authentication server
[faf325d]	378	</para>
[1cc0752]	379	<indexterm zone="cyrus-sasl saslauthd">
	380	<primary sortas="b-saslauthd">saslauthd</primary>
	381	</indexterm>
	382	</listitem>
	383	</varlistentry>
	384
	385	<varlistentry id="sasldblistusers2">
	386	<term><command>sasldblistusers2</command></term>
	387	<listitem>
[faf325d]	388	<para>
	389	is used to list the users in the SASL password database
[4c24eb0a]	390	<filename>sasldb2</filename>
[faf325d]	391	</para>
[1cc0752]	392	<indexterm zone="cyrus-sasl sasldblistusers2">
	393	<primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
	394	</indexterm>
	395	</listitem>
	396	</varlistentry>
	397
	398	<varlistentry id="saslpasswd2">
	399	<term><command>saslpasswd2</command></term>
	400	<listitem>
[faf325d]	401	<para>
	402	is used to set and delete a user's SASL password and
	403	mechanism specific secrets in the SASL password
[4c24eb0a]	404	database <filename>sasldb2</filename>
[faf325d]	405	</para>
[1cc0752]	406	<indexterm zone="cyrus-sasl saslpasswd2">
	407	<primary sortas="b-saslpasswd2">saslpasswd2</primary>
	408	</indexterm>
	409	</listitem>
	410	</varlistentry>
	411
[fae66a0]	412	<varlistentry id="testsaslauthd">
	413	<term><command>testsaslauthd</command></term>
	414	<listitem>
[faf325d]	415	<para>
[4c24eb0a]	416	is a test utility for the SASL authentication server
[faf325d]	417	</para>
[fae66a0]	418	<indexterm zone="cyrus-sasl testsaslauthd">
	419	<primary sortas="b-testsaslauthd">testsaslauthd</primary>
	420	</indexterm>
	421	</listitem>
	422	</varlistentry>
	423
[1cc0752]	424	<varlistentry id="libsasl2">
[faf325d]	425	<term><filename class="libraryfile">libsasl2.so</filename></term>
[1cc0752]	426	<listitem>
[faf325d]	427	<para>
	428	is a general purpose authentication library for server
[4c24eb0a]	429	and client applications
[faf325d]	430	</para>
[1cc0752]	431	<indexterm zone="cyrus-sasl libsasl2">
	432	<primary sortas="c-libsasl2">libsasl2.so</primary>
	433	</indexterm>
	434	</listitem>
	435	</varlistentry>
	436
	437	</variablelist>
	438
	439	</sect2>
	440
	441	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: