source: postlfs/security/cyrus-sasl.xml@ fc87c5a0

Last change on this file since fc87c5a0 was aa996df1, checked in by Douglas R. Reno <renodr@…>, 4 weeks ago

File size: 14.3 KB
RevLine 
[ab4fdfc]1<?xml version="1.0" encoding="UTF-8"?>
[6732c094]2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
[da4aff6]4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
[99c5223]7 <!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
[2c7f15e]8 <!ENTITY cyrus-sasl-download-ftp " ">
[4483a9a]9 <!ENTITY cyrus-sasl-md5sum "6f228a692516f5318a64505b46966cfa">
[ebf10d3e]10 <!ENTITY cyrus-sasl-size "3.9 MB">
[4483a9a]11 <!ENTITY cyrus-sasl-buildsize "28 MB">
12 <!ENTITY cyrus-sasl-time "0.2 SBU">
[da4aff6]13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
[1cc0752]16 <?dbhtml filename="cyrus-sasl.html"?>
17
18
19 <title>Cyrus SASL-&cyrus-sasl-version;</title>
20
21 <indexterm zone="cyrus-sasl">
22 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
23 </indexterm>
24
25 <sect2 role="package">
26 <title>Introduction to Cyrus SASL</title>
27
[faf325d]28 <para>
29 The <application>Cyrus SASL</application> package contains a Simple
[4483a9a]30 Authentication and Security Layer implementation, a method for adding
31 authentication support to connection-based protocols. To use SASL, a
32 protocol includes a command for identifying and authenticating a user to
33 a server and for optionally negotiating protection of subsequent protocol
34 interactions. If its use is negotiated, a security layer is inserted
35 between the protocol and the connection.
[faf325d]36 </para>
[1cc0752]37
[aa996df1]38 &lfs122_checked;
[fae66a0]39
[7ffeb4bd]40 <!-- To test this package at freeze, run the following command:
41 testsaslauthd -u <current user> -p <password>
42 after saslauthd is started. -->
[1cc0752]43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
[faf325d]46 <para>
47 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
48 </para>
[1cc0752]49 </listitem>
50 <listitem>
[faf325d]51 <para>
52 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
53 </para>
[1cc0752]54 </listitem>
55 <listitem>
[faf325d]56 <para>
57 Download MD5 sum: &cyrus-sasl-md5sum;
58 </para>
[1cc0752]59 </listitem>
60 <listitem>
[faf325d]61 <para>
62 Download size: &cyrus-sasl-size;
63 </para>
[1cc0752]64 </listitem>
65 <listitem>
[faf325d]66 <para>
67 Estimated disk space required: &cyrus-sasl-buildsize;
68 </para>
[1cc0752]69 </listitem>
70 <listitem>
[faf325d]71 <para>
72 Estimated build time: &cyrus-sasl-time;
73 </para>
[1cc0752]74 </listitem>
75 </itemizedlist>
[d9914a3]76
[4483a9a]77 <!-- Not needed anymore
[fae66a0]78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
[faf325d]81 <para>
82 Required patch:
[d9914a3]83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-doc_fixes-1.patch"/>
84 </para>
[fae66a0]85 </listitem>
[4483a9a]86 <!- -<listitem>
[a4f37269]87 <para>
88 Required patch:
89 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
90 </para>
[4483a9a]91 </listitem>- ->
[fae66a0]92 </itemizedlist>
[4483a9a]93 -->
[d9914a3]94
[ebf10d3e]95 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
96
[fae66a0]97 <bridgehead renderas="sect4">Recommended</bridgehead>
[faf325d]98 <para role="recommended">
[7167f30]99 <xref linkend="lmdb"/>
[faf325d]100 </para>
[fae66a0]101
[1cc0752]102 <bridgehead renderas="sect4">Optional</bridgehead>
[faf325d]103 <para role="optional">
104 <xref linkend="linux-pam"/>,
105 <xref linkend="mitkrb"/>,
[cd29bc9]106 <xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
[faf325d]107 <xref linkend="openldap"/>,
108 <xref linkend="postgresql"/>,
[c10acfe]109 <xref linkend="sphinx"/>,
[faf325d]110 <xref linkend="sqlite"/>,
[dcd5a063]111 &berkeley-db;,
[ba718791]112 <ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink>,
[c10acfe]113 <ulink url="https://dmalloc.com/">Dmalloc</ulink>, and
114 <ulink url="https://metacpan.org/pod/Pod::POM::View::Restructured">Pod::POM::View::Restructured</ulink>
[faf325d]115 </para>
[1cc0752]116
117 </sect2>
118
119 <sect2 role="installation">
120 <title>Installation of Cyrus SASL</title>
121
[b412c90f]122 <note>
123 <para>
124 This package does not support parallel build.
125 </para>
126 </note>
127
[d9914a3]128 <!-- Without this patch, having Sphinx and/or doctools (doctools not tested)
129 on the system causes an FTBFS when man pages are generated. The Sphinx
130 and Docutils API has changed significantly between Sphinx-{1,2} and
[4483a9a]131 Sphinx-3.0.
[d9914a3]132
133 <para>
134 First, fix a build failure if Sphinx or
135 <xref role="nodep" linkend="docutils"/> is installed on the system:
136 </para>
137
138<screen><userinput remap="pre">patch -Np1 -i ../cyrus-sasl-2.1.27-doc_fixes-1.patch</userinput></screen>
[4483a9a]139 -->
[d9914a3]140
[b475e4e]141 <para>
[4dbe57c]142 First, fix a problem revealed by gcc-14:
[b475e4e]143 </para>
[4dbe57c]144
145<screen><userinput>sed '/saslint/a #include &lt;time.h&gt;' -i lib/saslutil.c &amp;&amp;
[b475e4e]146sed '/plugin_common/a #include &lt;time.h&gt;' -i plugins/cram.c</userinput></screen>
147
[faf325d]148 <para>
149 Install <application>Cyrus SASL</application> by
150 running the following commands:
151 </para>
[1cc0752]152
[4dbe57c]153<screen><userinput>./configure --prefix=/usr \
154 --sysconfdir=/etc \
155 --enable-auth-sasldb \
156 --with-dblib=lmdb \
[a8c9494]157 --with-dbpath=/var/lib/sasl/sasldb2 \
[dcb7f66]158 --with-sphinx-build=no \
[643ea8d7]159 --with-saslauthd=/var/run/saslauthd &amp;&amp;
[b412c90f]160make -j1</userinput></screen>
[305e60de]161
[faf325d]162 <para>
163 This package does not come with a test suite. If you are planning
[ebf10d3e]164 on using the GSSAPI authentication mechanism, test
[faf325d]165 it after installing the package using the sample server and client
166 programs which were built in the preceding step. Instructions for
167 performing the tests can be found at
168 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
169 </para>
[1f01e700]170
[faf325d]171 <para>
172 Now, as the <systemitem class="username">root</systemitem> user:
173 </para>
[305e60de]174
[1cc0752]175<screen role="root"><userinput>make install &amp;&amp;
[ebf10d3e]176install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
[b0c1bf3]177install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
[07ea289]178install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
[faf325d]179install -v -dm700 /var/lib/sasl</userinput></screen>
[da4aff6]180
[1cc0752]181 </sect2>
182
183 <sect2 role="commands">
184 <title>Command Explanations</title>
185
[faf325d]186 <para>
187 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
188 switch forces the <command>sasldb</command> database to be created
189 in <filename class="directory">/var/lib/sasl</filename> instead of
190 <filename class="directory">/etc</filename>.
191 </para>
192
193 <para>
194 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
195 switch forces <command>saslauthd</command> to use the FHS compliant
196 directory <filename class="directory">/var/run/saslauthd</filename>
197 for variable run-time data.
198 </para>
199
[a5ce76f]200 <para>
201 <parameter>--enable-auth-sasldb</parameter>: This switch enables
202 the SASLDB authentication backend.
203 </para>
204
[faf325d]205 <para>
[f859e6fd]206 <option>--with-dblib=gdbm</option>: This switch forces
[faf325d]207 <application>GDBM</application> to be used instead of
[7167f30]208 <application>LMDB</application>.
[faf325d]209 </para>
210
211 <para>
212 <option>--with-ldap</option>: This switch enables the
213 <application>OpenLDAP</application> support.
214 </para>
215
216 <para>
217 <option>--enable-ldapdb</option>: This switch enables the
[14891a90]218 LDAPDB authentication backend.
[1e02895]219 </para>
[faf325d]220
221 <para>
222 <option>--enable-login</option>: This option enables unsupported
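223 LOGIN authentication. LOGIN sends the password itself to the server, so offer it only over an encrypted (TLS) connection.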
224 </para>
225
226 <para>
227 <option>--enable-ntlm</option>: This option enables unsupported
228 NTLM authentication. NTLM is a legacy mechanism; enable it only if a client you must support requires it.
229 </para>
230
231 <para>
232 <command>install -v -m644 ...</command>: These commands
233 install documentation which is not installed by the
234 <command>make install</command> command.
235 </para>
236
237 <para>
238 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
239 must exist when starting <command>saslauthd</command> or using the
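240 sasldb plugin. Mode 700 limits access to the directory's owner, because the <filename>sasldb2</filename> password database is stored here. If you're not going to be running the daemon or
241 using the plugins, you may omit the creation of this directory.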
242 </para>
[1cc0752]243
244 </sect2>
245
246 <sect2 role="configuration">
247 <title>Configuring Cyrus SASL</title>
248
249 <sect3 id="cyrus-sasl-config">
250 <title>Config Files</title>
251
[faf325d]252 <para>
253 <filename>/etc/saslauthd.conf</filename>
254 (for <command>saslauthd</command> LDAP configuration) and
255 <filename>/etc/sasl2/Appname.conf</filename>
256 (where "Appname" is the application-defined name of the application)
257 </para>
[1cc0752]258
259 <indexterm zone="cyrus-sasl cyrus-sasl-config">
260 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
261 </indexterm>
262
263 </sect3>
264
265 <sect3>
266 <title>Configuration Information</title>
267
[faf325d]268 <para>
269 See
[7ffeb4bd]270 <ulink url="https://www.cyrusimap.org/sasl/sasl/sysadmin.html"/>
[faf325d]271 for information on what to include in the application configuration files.
272 </para>
273
274 <para>
275 See
[0d381254]276 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
[faf325d]277 for configuring <command>saslauthd</command> with
278 <application>OpenLDAP</application>.
279 </para>
280
281 <para>
282 See
[7ffeb4bd]283 <ulink url="https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi"/>
[faf325d]284 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
[fae66a0]285 </para>
[1cc0752]286
287 </sect3>
288
[e445195]289 <sect3 id="cyrus-sasl-init">
[f586237]290 <title><phrase revision="sysv">Init Script</phrase>
291 <phrase revision="systemd">Systemd Unit</phrase></title>
[e445195]292
[f586237]293 <para revision="sysv">
[e445195]294 If you need to run the <command>saslauthd</command> daemon at system
295 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
[f586237]296 init script included in the
297 <xref linkend="bootscripts"/> package using the following command:
298 </para>
299
300 <para revision="systemd">
301 If you need to run the <command>saslauthd</command> daemon at system
302 startup, install the <filename>saslauthd.service</filename> unit
303 included in the <xref linkend="systemd-units"/> package using the
304 following command:
[e445195]305 </para>
306
307 <indexterm zone="cyrus-sasl cyrus-sasl-init">
308 <primary sortas="f-saslauthd">saslauthd</primary>
309 </indexterm>
310
311<screen role="root"><userinput>make install-saslauthd</userinput></screen>
312
313 <note>
314 <para>
[f586237]315 You'll need to edit
316 <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
317 <filename revision="systemd">/etc/default/saslauthd</filename>
318 and set the
319 <option revision="sysv">AUTHMECH</option>
320 <option revision="systemd">MECHANISM</option>
321 parameter to your desired authentication mechanism.
[6fef3c9]322 <phrase revision="systemd">The default authentication
323 mechanism is "shadow".</phrase>
[e445195]324 </para>
325 </note>
326
327 </sect3>
[1cc0752]328
329 </sect2>
330
331 <sect2 role="content">
332 <title>Contents</title>
333
334 <segmentedlist>
335 <segtitle>Installed Programs</segtitle>
[faf325d]336 <segtitle>Installed Library</segtitle>
[1cc0752]337 <segtitle>Installed Directories</segtitle>
338
339 <seglistitem>
[faf325d]340 <seg>
[4dbe57c]341 pluginviewer,
342 saslauthd,
343 sasldblistusers2,
344 saslpasswd2, and
[faf325d]345 testsaslauthd
346 </seg>
347 <seg>
348 libsasl2.so
349 </seg>
350 <seg>
351 /usr/include/sasl,
352 /usr/lib/sasl2,
353 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
354 /var/lib/sasl
355 </seg>
[1cc0752]356 </seglistitem>
357 </segmentedlist>
358
359 <variablelist>
360 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
361 <?dbfo list-presentation="list"?>
362 <?dbhtml list-presentation="table"?>
363
[fae66a0]364 <varlistentry id="pluginviewer">
365 <term><command>pluginviewer</command></term>
366 <listitem>
[faf325d]367 <para>
[4c24eb0a]368 is used to list loadable SASL plugins and their properties
[faf325d]369 </para>
[fae66a0]370 <indexterm zone="cyrus-sasl pluginviewer">
371 <primary sortas="b-pluginviewer">pluginviewer</primary>
372 </indexterm>
373 </listitem>
374 </varlistentry>
375
[1cc0752]376 <varlistentry id="saslauthd">
377 <term><command>saslauthd</command></term>
378 <listitem>
[faf325d]379 <para>
[4c24eb0a]380 is the SASL authentication server
[faf325d]381 </para>
[1cc0752]382 <indexterm zone="cyrus-sasl saslauthd">
383 <primary sortas="b-saslauthd">saslauthd</primary>
384 </indexterm>
385 </listitem>
386 </varlistentry>
387
388 <varlistentry id="sasldblistusers2">
389 <term><command>sasldblistusers2</command></term>
390 <listitem>
[faf325d]391 <para>
392 is used to list the users in the SASL password database
[4c24eb0a]393 <filename>sasldb2</filename>
[faf325d]394 </para>
[1cc0752]395 <indexterm zone="cyrus-sasl sasldblistusers2">
396 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
397 </indexterm>
398 </listitem>
399 </varlistentry>
400
401 <varlistentry id="saslpasswd2">
402 <term><command>saslpasswd2</command></term>
403 <listitem>
[faf325d]404 <para>
405 is used to set and delete a user's SASL password and
406 mechanism specific secrets in the SASL password
[4c24eb0a]407 database <filename>sasldb2</filename>
[faf325d]408 </para>
[1cc0752]409 <indexterm zone="cyrus-sasl saslpasswd2">
410 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
411 </indexterm>
412 </listitem>
413 </varlistentry>
414
[fae66a0]415 <varlistentry id="testsaslauthd">
416 <term><command>testsaslauthd</command></term>
417 <listitem>
[faf325d]418 <para>
[4c24eb0a]419 is a test utility for the SASL authentication server
[faf325d]420 </para>
[fae66a0]421 <indexterm zone="cyrus-sasl testsaslauthd">
422 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
423 </indexterm>
424 </listitem>
425 </varlistentry>
426
[1cc0752]427 <varlistentry id="libsasl2">
[faf325d]428 <term><filename class="libraryfile">libsasl2.so</filename></term>
[1cc0752]429 <listitem>
[faf325d]430 <para>
431 is a general purpose authentication library for server
[4c24eb0a]432 and client applications
[faf325d]433 </para>
[1cc0752]434 <indexterm zone="cyrus-sasl libsasl2">
435 <primary sortas="c-libsasl2">libsasl2.so</primary>
436 </indexterm>
437 </listitem>
438 </varlistentry>
439
440 </variablelist>
441
442 </sect2>
443
444</sect1>