Context Navigation

source: postlfs/security/cyrus-sasl.xml@ 6c73ed0

Visit:

12.1 ken/TL2024 ken/tuningfonts lazarus plabs/newcss python3.11 rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18

Last change on this file since 6c73ed0 was c8b719a, checked in by Douglas R. Reno <renodr@…>, 11 months ago
Tags
Property mode set to `100644`
File size: 14.1 KB

Rev	Line
[da4aff6]	1	<?xml version="1.0" encoding="ISO-8859-1"?>
[6732c094]	2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
[da4aff6]	4	<!ENTITY % general-entities SYSTEM "../../general.ent">
	5	%general-entities;
	6
[99c5223]	7	<!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
[2c7f15e]	8	<!ENTITY cyrus-sasl-download-ftp " ">
[4483a9a]	9	<!ENTITY cyrus-sasl-md5sum "6f228a692516f5318a64505b46966cfa">
[ebf10d3e]	10	<!ENTITY cyrus-sasl-size "3.9 MB">
[4483a9a]	11	<!ENTITY cyrus-sasl-buildsize "28 MB">
	12	<!ENTITY cyrus-sasl-time "0.2 SBU">
[da4aff6]	13	]>
	14
	15	<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
[1cc0752]	16	<?dbhtml filename="cyrus-sasl.html"?>
	17
	18
	19	<title>Cyrus SASL-&cyrus-sasl-version;</title>
	20
	21	<indexterm zone="cyrus-sasl">
	22	<primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
	23	</indexterm>
	24
	25	<sect2 role="package">
	26	<title>Introduction to Cyrus SASL</title>
	27
[faf325d]	28	<para>
	29	The <application>Cyrus SASL</application> package contains a Simple
[4483a9a]	30	Authentication and Security Layer implementation, a method for adding
	31	authentication support to connection-based protocols. To use SASL, a
	32	protocol includes a command for identifying and authenticating a user to
	33	a server and for optionally negotiating protection of subsequent protocol
	34	interactions. If its use is negotiated, a security layer is inserted
	35	between the protocol and the connection.
[faf325d]	36	</para>
[1cc0752]	37
[c8b719a]	38	&lfs120_checked;
[fae66a0]	39
[7ffeb4bd]	40	<!-- To test this package at freeze, run the following command:
	41	testsaslauthd -u <current user> -p <password>
	42	after saslauthd is started. -->
[1cc0752]	43	<bridgehead renderas="sect3">Package Information</bridgehead>
	44	<itemizedlist spacing="compact">
	45	<listitem>
[faf325d]	46	<para>
	47	Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
	48	</para>
[1cc0752]	49	</listitem>
	50	<listitem>
[faf325d]	51	<para>
	52	Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
	53	</para>
[1cc0752]	54	</listitem>
	55	<listitem>
[faf325d]	56	<para>
	57	Download MD5 sum: &cyrus-sasl-md5sum;
	58	</para>
[1cc0752]	59	</listitem>
	60	<listitem>
[faf325d]	61	<para>
	62	Download size: &cyrus-sasl-size;
	63	</para>
[1cc0752]	64	</listitem>
	65	<listitem>
[faf325d]	66	<para>
	67	Estimated disk space required: &cyrus-sasl-buildsize;
	68	</para>
[1cc0752]	69	</listitem>
	70	<listitem>
[faf325d]	71	<para>
	72	Estimated build time: &cyrus-sasl-time;
	73	</para>
[1cc0752]	74	</listitem>
	75	</itemizedlist>
[d9914a3]	76
[4483a9a]	77	<!-- Not needed anymore
[fae66a0]	78	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
	79	<itemizedlist spacing="compact">
	80	<listitem>
[faf325d]	81	<para>
	82	Required patch:
[d9914a3]	83	<ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-doc_fixes-1.patch"/>
	84	</para>
[fae66a0]	85	</listitem>
[4483a9a]	86	<!- -<listitem>
[a4f37269]	87	<para>
	88	Required patch:
	89	<ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
	90	</para>
[4483a9a]	91	</listitem>- ->
[fae66a0]	92	</itemizedlist>
[4483a9a]	93	-->
[d9914a3]	94
[ebf10d3e]	95	<bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
	96
[fae66a0]	97	<bridgehead renderas="sect4">Recommended</bridgehead>
[faf325d]	98	<para role="recommended">
	99	<xref linkend="db"/>
	100	</para>
[fae66a0]	101
[1cc0752]	102	<bridgehead renderas="sect4">Optional</bridgehead>
[faf325d]	103	<para role="optional">
	104	<xref linkend="linux-pam"/>,
	105	<xref linkend="mitkrb"/>,
[cd29bc9]	106	<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
[faf325d]	107	<xref linkend="openldap"/>,
	108	<xref linkend="postgresql"/>,
[c10acfe]	109	<xref linkend="sphinx"/>,
[faf325d]	110	<xref linkend="sqlite"/>,
[ba718791]	111	<ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink>,
[c10acfe]	112	<ulink url="https://dmalloc.com/">Dmalloc</ulink>, and
	113	<ulink url="https://metacpan.org/pod/Pod::POM::View::Restructured">Pod::POM::View::Restructured</ulink>
[faf325d]	114	</para>
[1cc0752]	115
	116	</sect2>
	117
	118	<sect2 role="installation">
	119	<title>Installation of Cyrus SASL</title>
	120
[b412c90f]	121	<note>
	122	<para>
	123	This package does not support parallel build.
	124	</para>
	125	</note>
	126
[d9914a3]	127	<!-- Without this patch, having Sphinx and/or doctools (doctools not tested)
	128	on the system causes an FTBFS when man pages are generated. The Sphinx
	129	and Docutils API has changed significantly between Sphinx-{1,2} and
[4483a9a]	130	Sphinx-3.0.
[d9914a3]	131
	132	<para>
	133	First, fix a build failure if Sphinx or
	134	<xref role="nodep" linkend="docutils"/> is installed on the system:
	135	</para>
	136
	137	<screen><userinput remap="pre">patch -Np1 -i ../cyrus-sasl-2.1.27-doc_fixes-1.patch</userinput></screen>
[4483a9a]	138	-->
[d9914a3]	139
[faf325d]	140	<para>
	141	Install <application>Cyrus SASL</application> by
	142	running the following commands:
	143	</para>
[1cc0752]	144
[ebf10d3e]	145	<screen><userinput>./configure --prefix=/usr \
[15fc6d6]	146	--sysconfdir=/etc \
	147	--enable-auth-sasldb \
[a8c9494]	148	--with-dbpath=/var/lib/sasl/sasldb2 \
[dcb7f66]	149	--with-sphinx-build=no \
[643ea8d7]	150	--with-saslauthd=/var/run/saslauthd &&
[b412c90f]	151	make -j1</userinput></screen>
[305e60de]	152
[faf325d]	153	<para>
	154	This package does not come with a test suite. If you are planning
[ebf10d3e]	155	on using the GSSAPI authentication mechanism, test
[faf325d]	156	it after installing the package using the sample server and client
	157	programs which were built in the preceding step. Instructions for
	158	performing the tests can be found at
	159	<ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
	160	</para>
[1f01e700]	161
[faf325d]	162	<para>
	163	Now, as the <systemitem class="username">root</systemitem> user:
	164	</para>
[305e60de]	165
[1cc0752]	166	<screen role="root"><userinput>make install &&
[ebf10d3e]	167	install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &&
[b0c1bf3]	168	install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &&
[07ea289]	169	install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &&
[faf325d]	170	install -v -dm700 /var/lib/sasl</userinput></screen>
[da4aff6]	171
[1cc0752]	172	</sect2>
	173
	174	<sect2 role="commands">
	175	<title>Command Explanations</title>
	176
[faf325d]	177	<para>
	178	<parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
	179	switch forces the <command>sasldb</command> database to be created
	180	in <filename class="directory">/var/lib/sasl</filename> instead of
	181	<filename class="directory">/etc</filename>.
	182	</para>
	183
	184	<para>
	185	<parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
	186	switch forces <command>saslauthd</command> to use the FHS compliant
	187	directory <filename class="directory">/var/run/saslauthd</filename>
	188	for variable run-time data.
	189	</para>
	190
[a5ce76f]	191	<para>
	192	<parameter>--enable-auth-sasldb</parameter>: This switch enables
	193	SASLDB authentication backend.
	194	</para>
	195
[faf325d]	196	<para>
[f859e6fd]	197	<option>--with-dblib=gdbm</option>: This switch forces
[faf325d]	198	<application>GDBM</application> to be used instead of
	199	<application>Berkeley DB</application>.
	200	</para>
	201
	202	<para>
	203	<option>--with-ldap</option>: This switch enables the
	204	<application>OpenLDAP</application> support.
	205	</para>
	206
	207	<para>
	208	<option>--enable-ldapdb</option>: This switch enables the
[14891a90]	209	LDAPDB authentication backend.
[faf325d]	210	</para>
	211
[fb1f32b]	212	<!-- Removed in 2.1.28
[faf325d]	213	<para>
[fb1f32b]	214	<option>- -enable-java</option>: This switch enables compiling of the
[faf325d]	215	<application>Java</application> support libraries.
	216	</para>
[fb1f32b]	217	-->
[faf325d]	218
	219	<para>
	220	<option>--enable-login</option>: This option enables unsupported
	221	LOGIN authentication.
	222	</para>
	223
	224	<para>
	225	<option>--enable-ntlm</option>: This option enables unsupported
	226	NTLM authentication.
	227	</para>
	228
	229	<para>
	230	<command>install -v -m644 ...</command>: These commands
	231	install documentation which is not installed by the
	232	<command>make install</command> command.
	233	</para>
	234
	235	<para>
	236	<command>install -v -m700 -d /var/lib/sasl</command>: This directory
	237	must exist when starting <command>saslauthd</command> or using the
	238	sasldb plugin. If you're not going to be running the daemon or
	239	using the plugins, you may omit the creation of this directory.
	240	</para>
[1cc0752]	241
	242	</sect2>
	243
	244	<sect2 role="configuration">
	245	<title>Configuring Cyrus SASL</title>
	246
	247	<sect3 id="cyrus-sasl-config">
	248	<title>Config Files</title>
	249
[faf325d]	250	<para>
	251	<filename>/etc/saslauthd.conf</filename>
	252	(for <command>saslauthd</command> LDAP configuration) and
	253	<filename>/etc/sasl2/Appname.conf</filename>
	254	(where "Appname" is the application defined name of the application)
	255	</para>
[1cc0752]	256
	257	<indexterm zone="cyrus-sasl cyrus-sasl-config">
	258	<primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
	259	</indexterm>
	260
	261	</sect3>
	262
	263	<sect3>
	264	<title>Configuration Information</title>
	265
[faf325d]	266	<para>
	267	See
[7ffeb4bd]	268	<ulink url="https://www.cyrusimap.org/sasl/sasl/sysadmin.html"/>
[faf325d]	269	for information on what to include in the application configuration files.
	270	</para>
	271
	272	<para>
	273	See
[0d381254]	274	<ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
[faf325d]	275	for configuring <command>saslauthd</command> with
	276	<application>OpenLDAP</application>.
	277	</para>
	278
	279	<para>
	280	See
[7ffeb4bd]	281	<ulink url="https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi"/>
[faf325d]	282	for configuring <command>saslauthd</command> with <application>Kerberos</application>.
[fae66a0]	283	</para>
[1cc0752]	284
	285	</sect3>
	286
[e445195]	287	<sect3 id="cyrus-sasl-init">
[f586237]	288	<title><phrase revision="sysv">Init Script</phrase>
	289	<phrase revision="systemd">Systemd Unit</phrase></title>
[e445195]	290
[f586237]	291	<para revision="sysv">
[e445195]	292	If you need to run the <command>saslauthd</command> daemon at system
	293	startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
[f586237]	294	init script included in the
	295	<xref linkend="bootscripts"/> package using the following command:
	296	</para>
	297
	298	<para revision="systemd">
	299	If you need to run the <command>saslauthd</command> daemon at system
	300	startup, install the <filename>saslauthd.service</filename> unit
	301	included in the <xref linkend="systemd-units"/> package using the
	302	following command:
[e445195]	303	</para>
	304
	305	<indexterm zone="cyrus-sasl cyrus-sasl-init">
	306	<primary sortas="f-saslauthd">saslauthd</primary>
	307	</indexterm>
	308
	309	<screen role="root"><userinput>make install-saslauthd</userinput></screen>
	310
	311	<note>
	312	<para>
[f586237]	313	You'll need to modify
	314	<filename revision="sysv">/etc/sysconfig/saslauthd</filename>
	315	<filename revision="systemd">/etc/default/saslauthd</filename>
	316	and modify the
	317	<option revision="sysv">AUTHMECH</option>
	318	<option revision="systemd">MECHANISM</option>
	319	parameter with your desired authentication mechanism.
[6fef3c9]	320	<phrase revision="systemd">The default authentication
	321	mechanism is "shadow".</phrase>
[e445195]	322	</para>
	323	</note>
	324
	325	</sect3>
[1cc0752]	326
	327	</sect2>
	328
	329	<sect2 role="content">
	330	<title>Contents</title>
	331
	332	<segmentedlist>
	333	<segtitle>Installed Programs</segtitle>
[faf325d]	334	<segtitle>Installed Library</segtitle>
[1cc0752]	335	<segtitle>Installed Directories</segtitle>
	336
	337	<seglistitem>
[faf325d]	338	<seg>
	339	pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
	340	testsaslauthd
	341	</seg>
	342	<seg>
	343	libsasl2.so
	344	</seg>
	345	<seg>
	346	/usr/include/sasl,
	347	/usr/lib/sasl2,
	348	/usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
	349	/var/lib/sasl
	350	</seg>
[1cc0752]	351	</seglistitem>
	352	</segmentedlist>
	353
	354	<variablelist>
	355	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
	356	<?dbfo list-presentation="list"?>
	357	<?dbhtml list-presentation="table"?>
	358
[fae66a0]	359	<varlistentry id="pluginviewer">
	360	<term><command>pluginviewer</command></term>
	361	<listitem>
[faf325d]	362	<para>
[4c24eb0a]	363	is used to list loadable SASL plugins and their properties
[faf325d]	364	</para>
[fae66a0]	365	<indexterm zone="cyrus-sasl pluginviewer">
	366	<primary sortas="b-pluginviewer">pluginviewer</primary>
	367	</indexterm>
	368	</listitem>
	369	</varlistentry>
	370
[1cc0752]	371	<varlistentry id="saslauthd">
	372	<term><command>saslauthd</command></term>
	373	<listitem>
[faf325d]	374	<para>
[4c24eb0a]	375	is the SASL authentication server
[faf325d]	376	</para>
[1cc0752]	377	<indexterm zone="cyrus-sasl saslauthd">
	378	<primary sortas="b-saslauthd">saslauthd</primary>
	379	</indexterm>
	380	</listitem>
	381	</varlistentry>
	382
	383	<varlistentry id="sasldblistusers2">
	384	<term><command>sasldblistusers2</command></term>
	385	<listitem>
[faf325d]	386	<para>
	387	is used to list the users in the SASL password database
[4c24eb0a]	388	<filename>sasldb2</filename>
[faf325d]	389	</para>
[1cc0752]	390	<indexterm zone="cyrus-sasl sasldblistusers2">
	391	<primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
	392	</indexterm>
	393	</listitem>
	394	</varlistentry>
	395
	396	<varlistentry id="saslpasswd2">
	397	<term><command>saslpasswd2</command></term>
	398	<listitem>
[faf325d]	399	<para>
	400	is used to set and delete a user's SASL password and
	401	mechanism specific secrets in the SASL password
[4c24eb0a]	402	database <filename>sasldb2</filename>
[faf325d]	403	</para>
[1cc0752]	404	<indexterm zone="cyrus-sasl saslpasswd2">
	405	<primary sortas="b-saslpasswd2">saslpasswd2</primary>
	406	</indexterm>
	407	</listitem>
	408	</varlistentry>
	409
[fae66a0]	410	<varlistentry id="testsaslauthd">
	411	<term><command>testsaslauthd</command></term>
	412	<listitem>
[faf325d]	413	<para>
[4c24eb0a]	414	is a test utility for the SASL authentication server
[faf325d]	415	</para>
[fae66a0]	416	<indexterm zone="cyrus-sasl testsaslauthd">
	417	<primary sortas="b-testsaslauthd">testsaslauthd</primary>
	418	</indexterm>
	419	</listitem>
	420	</varlistentry>
	421
[1cc0752]	422	<varlistentry id="libsasl2">
[faf325d]	423	<term><filename class="libraryfile">libsasl2.so</filename></term>
[1cc0752]	424	<listitem>
[faf325d]	425	<para>
	426	is a general purpose authentication library for server
[4c24eb0a]	427	and client applications
[faf325d]	428	</para>
[1cc0752]	429	<indexterm zone="cyrus-sasl libsasl2">
	430	<primary sortas="c-libsasl2">libsasl2.so</primary>
	431	</indexterm>
	432	</listitem>
	433	</varlistentry>
	434
	435	</variablelist>
	436
	437	</sect2>
	438
	439	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: