source: postlfs/security/cyrus-sasl.xml@ 0e45aee

Last change on this file since 0e45aee was 0e45aee, checked in by DJ Lucas <dj@…>, 7 years ago

tags

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@19053 af4574ff-66df-0310-9fd7-8a98e5e911e0

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http " ">
8 <!ENTITY cyrus-sasl-download-ftp "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
9 <!ENTITY cyrus-sasl-md5sum "a7f4e5e559a0e37b3ffc438c9456e425">
10 <!ENTITY cyrus-sasl-size "5.0 MB">
11 <!ENTITY cyrus-sasl-buildsize "30 MB">
12 <!ENTITY cyrus-sasl-time "0.5 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Cyrus SASL-&cyrus-sasl-version;</title>
24
25 <indexterm zone="cyrus-sasl">
26 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Cyrus SASL</title>
31
32 <para>
33 The <application>Cyrus SASL</application> package contains a Simple
34 Authentication and Security Layer, a method for adding authentication
35 support to connection-based protocols. To use SASL, a protocol includes
36 a command for identifying and authenticating a user to a server and for
37 optionally negotiating protection of subsequent protocol interactions.
38 If its use is negotiated, a security layer is inserted between the
39 protocol and the connection.
40 </para>
41
42 &lfs81_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
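58 Download MD5 sum: &cyrus-sasl-md5sum; (MD5 is not collision-resistant; use it to detect a corrupted download, not as proof of authenticity)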
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &cyrus-sasl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &cyrus-sasl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &cyrus-sasl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch"/>
84 </para>
85 </listitem>
86 <listitem>
87 <para>
88 Required patch:
89 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
90 </para>
91 </listitem>
92 </itemizedlist>
93
94 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
95
96 <bridgehead renderas="sect4">Required</bridgehead>
97 <para role="required">
98 <xref linkend="openssl"/>
99 </para>
100
101 <bridgehead renderas="sect4">Recommended</bridgehead>
102 <para role="recommended">
103 <xref linkend="db"/>
104 </para>
105
106 <bridgehead renderas="sect4">Optional</bridgehead>
107 <para role="optional">
108 <xref linkend="linux-pam"/>,
109 <xref linkend="mitkrb"/>,
110 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
111 <xref linkend="openjdk"/>,
112 <xref linkend="openldap"/>,
113 <xref linkend="postgresql"/>,
114 <xref linkend="sqlite"/>,
115 <ulink url="ftp://ftp.pdc.kth.se/pub/krb/src/">krb4</ulink> and
116 <ulink url="http://dmalloc.com/">Dmalloc</ulink>
117 </para>
118
119 <para condition="html" role="usernotes">User Notes:
120 <ulink url="&blfs-wiki;/cyrus-sasl"/>
121 </para>
122 </sect2>
123
124 <sect2 role="installation">
125 <title>Installation of Cyrus SASL</title>
126
127 <para>
128 Install <application>Cyrus SASL</application> by
129 running the following commands:
130 </para>
131
132<screen><userinput>patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch &amp;&amp;
133patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch &amp;&amp;
134autoreconf -fi &amp;&amp;
135
136./configure --prefix=/usr \
137 --sysconfdir=/etc \
138 --enable-auth-sasldb \
139 --with-dbpath=/var/lib/sasl/sasldb2 \
140 --with-saslauthd=/var/run/saslauthd &amp;&amp;
141make</userinput></screen>
142
143 <para>
144 This package does not come with a test suite. If you are planning
145 on using the GSSAPI authentication mechanism, it is recommended to test
146 it after installing the package using the sample server and client
147 programs which were built in the preceding step. Instructions for
148 performing the tests can be found at
149 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
150 </para>
151
152 <para>
153 Now, as the <systemitem class="username">root</systemitem> user:
154 </para>
155
156<screen role="root"><userinput>make install &amp;&amp;
157install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
158install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
159 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
160install -v -dm700 /var/lib/sasl</userinput></screen>
161
162 </sect2>
163
164 <sect2 role="commands">
165 <title>Command Explanations</title>
166
167 <para>
168 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
169 switch forces the <command>sasldb</command> database to be created
170 in <filename class="directory">/var/lib/sasl</filename> instead of
171 <filename class="directory">/etc</filename>.
172 </para>
173
174 <para>
175 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
176 switch forces <command>saslauthd</command> to use the FHS compliant
177 directory <filename class="directory">/var/run/saslauthd</filename>
178 for variable run-time data.
179 </para>
180
181 <para>
182 <parameter>--enable-auth-sasldb</parameter>: This switch enables
183 the SASLDB authentication backend.
184 </para>
185
186 <para>
187 <option>--with-dblib=gdbm</option>: This switch forces
188 <application>GDBM</application> to be used instead of
189 <application>Berkeley DB</application>.
190 </para>
191
192 <para>
193 <option>--with-ldap</option>: This switch enables the
194 <application>OpenLDAP</application> support.
195 </para>
196
197 <para>
198 <option>--enable-ldapdb</option>: This switch enables the
199 LDAPDB authentication backend. There is a circular dependency with this
200 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
201 this problem.
202 </para>
203
204 <para>
205 <option>--enable-java</option>: This switch enables compiling of the
206 <application>Java</application> support libraries.
207 </para>
208
209 <para>
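210 <option>--enable-login</option>: This option enables the unsupported
211 LOGIN authentication mechanism. LOGIN sends the password unprotected, so offer it only over a TLS-protected connection.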
212 </para>
213
214 <para>
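215 <option>--enable-ntlm</option>: This option enables the unsupported
216 NTLM authentication mechanism. NTLM is a legacy challenge-response scheme with known weaknesses; enable it only if a client requires it.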
217 </para>
218
219 <para>
220 <command>install -v -m644 ...</command>: These commands
221 install documentation which is not installed by the
222 <command>make install</command> command.
223 </para>
224
225 <para>
226 <command>install -v -dm700 /var/lib/sasl</command>: This directory
227 must exist when starting <command>saslauthd</command> or using the
228 sasldb plugin; it is created with mode 700 because it holds the sasldb2 password database. If you're not going to be running the daemon or
229 using the plugins, you may omit the creation of this directory.
230 </para>
231
232 </sect2>
233
234 <sect2 role="configuration">
235 <title>Configuring Cyrus SASL</title>
236
237 <sect3 id="cyrus-sasl-config">
238 <title>Config Files</title>
239
240 <para>
241 <filename>/etc/saslauthd.conf</filename>
242 (for <command>saslauthd</command> LDAP configuration) and
243 <filename>/etc/sasl2/Appname.conf</filename>
244 (where "Appname" is the application-defined name of the application)
245 </para>
246
247 <indexterm zone="cyrus-sasl cyrus-sasl-config">
248 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
249 </indexterm>
250
251 </sect3>
252
253 <sect3>
254 <title>Configuration Information</title>
255
256 <para>
257 See
258 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
259 for information on what to include in the application configuration files.
260 </para>
261
262 <para>
263 See
264 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
265 for configuring <command>saslauthd</command> with
266 <application>OpenLDAP</application>.
267 </para>
268
269 <para>
270 See
271 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
272 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
273 </para>
274
275 </sect3>
276
277 <sect3 id="cyrus-sasl-init">
278 <title><phrase revision="sysv">Init Script</phrase>
279 <phrase revision="systemd">Systemd Unit</phrase></title>
280
281 <para revision="sysv">
282 If you need to run the <command>saslauthd</command> daemon at system
283 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
284 init script included in the
285 <xref linkend="bootscripts"/> package using the following command:
286 </para>
287
288 <para revision="systemd">
289 If you need to run the <command>saslauthd</command> daemon at system
290 startup, install the <filename>saslauthd.service</filename> unit
291 included in the <xref linkend="systemd-units"/> package using the
292 following command:
293 </para>
294
295 <indexterm zone="cyrus-sasl cyrus-sasl-init">
296 <primary sortas="f-saslauthd">saslauthd</primary>
297 </indexterm>
298
299<screen role="root"><userinput>make install-saslauthd</userinput></screen>
300
301 <note>
302 <para>
303 You'll need to edit
304 <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
305 <filename revision="systemd">/etc/default/saslauthd</filename>
306 and set the
307 <option revision="sysv">AUTHMECH</option>
308 <option revision="systemd">MECHANISM</option>
309 parameter to your desired authentication mechanism.
310 </para>
311 </note>
312
313 </sect3>
314
315 </sect2>
316
317 <sect2 role="content">
318 <title>Contents</title>
319
320 <segmentedlist>
321 <segtitle>Installed Programs</segtitle>
322 <segtitle>Installed Library</segtitle>
323 <segtitle>Installed Directories</segtitle>
324
325 <seglistitem>
326 <seg>
327 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
328 testsaslauthd
329 </seg>
330 <seg>
331 libsasl2.so
332 </seg>
333 <seg>
334 /usr/include/sasl,
335 /usr/lib/sasl2,
336 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
337 /var/lib/sasl
338 </seg>
339 </seglistitem>
340 </segmentedlist>
341
342 <variablelist>
343 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
344 <?dbfo list-presentation="list"?>
345 <?dbhtml list-presentation="table"?>
346
347 <varlistentry id="pluginviewer">
348 <term><command>pluginviewer</command></term>
349 <listitem>
350 <para>
351 is used to list loadable SASL plugins and their properties.
352 </para>
353 <indexterm zone="cyrus-sasl pluginviewer">
354 <primary sortas="b-pluginviewer">pluginviewer</primary>
355 </indexterm>
356 </listitem>
357 </varlistentry>
358
359 <varlistentry id="saslauthd">
360 <term><command>saslauthd</command></term>
361 <listitem>
362 <para>
363 is the SASL authentication server.
364 </para>
365 <indexterm zone="cyrus-sasl saslauthd">
366 <primary sortas="b-saslauthd">saslauthd</primary>
367 </indexterm>
368 </listitem>
369 </varlistentry>
370
371 <varlistentry id="sasldblistusers2">
372 <term><command>sasldblistusers2</command></term>
373 <listitem>
374 <para>
375 is used to list the users in the SASL password database
376 <filename>sasldb2</filename>.
377 </para>
378 <indexterm zone="cyrus-sasl sasldblistusers2">
379 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
380 </indexterm>
381 </listitem>
382 </varlistentry>
383
384 <varlistentry id="saslpasswd2">
385 <term><command>saslpasswd2</command></term>
386 <listitem>
387 <para>
388 is used to set and delete a user's SASL password and
389 mechanism specific secrets in the SASL password
390 database <filename>sasldb2</filename>.
391 </para>
392 <indexterm zone="cyrus-sasl saslpasswd2">
393 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
394 </indexterm>
395 </listitem>
396 </varlistentry>
397
398 <varlistentry id="testsaslauthd">
399 <term><command>testsaslauthd</command></term>
400 <listitem>
401 <para>
402 is a test utility for the SASL authentication server.
403 </para>
404 <indexterm zone="cyrus-sasl testsaslauthd">
405 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
406 </indexterm>
407 </listitem>
408 </varlistentry>
409
410 <varlistentry id="libsasl2">
411 <term><filename class="libraryfile">libsasl2.so</filename></term>
412 <listitem>
413 <para>
414 is a general purpose authentication library for server
415 and client applications.
416 </para>
417 <indexterm zone="cyrus-sasl libsasl2">
418 <primary sortas="c-libsasl2">libsasl2.so</primary>
419 </indexterm>
420 </listitem>
421 </varlistentry>
422
423 </variablelist>
424
425 </sect2>
426
427</sect1>