source: postlfs/security/cyrus-sasl.xml@ 0f76bd9

Last change on this file since 0f76bd9 was c8b719a, checked in by Douglas R. Reno <renodr@…>, 10 months ago

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
8 <!ENTITY cyrus-sasl-download-ftp " ">
9 <!ENTITY cyrus-sasl-md5sum "6f228a692516f5318a64505b46966cfa">
10 <!ENTITY cyrus-sasl-size "3.9 MB">
11 <!ENTITY cyrus-sasl-buildsize "28 MB">
12 <!ENTITY cyrus-sasl-time "0.2 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18
19 <title>Cyrus SASL-&cyrus-sasl-version;</title>
20
21 <indexterm zone="cyrus-sasl">
22 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
23 </indexterm>
24
25 <sect2 role="package">
26 <title>Introduction to Cyrus SASL</title>
27
28 <para>
29 The <application>Cyrus SASL</application> package contains a Simple
30 Authentication and Security Layer implementation, a method for adding
31 authentication support to connection-based protocols. To use SASL, a
32 protocol includes a command for identifying and authenticating a user to
33 a server and for optionally negotiating protection of subsequent protocol
34 interactions. If its use is negotiated, a security layer is inserted
35 between the protocol and the connection.
36 </para>
37
38 &lfs120_checked;
39
40 <!-- To test this package at freeze, run the following command:
41 testsaslauthd -u <current user> -p <password>
42 after saslauthd is started. -->
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>
47 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download MD5 sum: &cyrus-sasl-md5sum; (this detects a corrupted download only; MD5 does not protect against deliberate tampering)
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download size: &cyrus-sasl-size;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated disk space required: &cyrus-sasl-buildsize;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated build time: &cyrus-sasl-time;
73 </para>
74 </listitem>
75 </itemizedlist>
76
77 <!-- Not needed anymore
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-doc_fixes-1.patch"/>
84 </para>
85 </listitem>
86 <!- -<listitem>
87 <para>
88 Required patch:
89 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
90 </para>
91 </listitem>- ->
92 </itemizedlist>
93 -->
94
95 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
96
97 <bridgehead renderas="sect4">Recommended</bridgehead>
98 <para role="recommended">
99 <xref linkend="db"/>
100 </para>
101
102 <bridgehead renderas="sect4">Optional</bridgehead>
103 <para role="optional">
104 <xref linkend="linux-pam"/>,
105 <xref linkend="mitkrb"/>,
106 <xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
107 <xref linkend="openldap"/>,
108 <xref linkend="postgresql"/>,
109 <xref linkend="sphinx"/>,
110 <xref linkend="sqlite"/>,
111 <ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink>,
112 <ulink url="https://dmalloc.com/">Dmalloc</ulink>, and
113 <ulink url="https://metacpan.org/pod/Pod::POM::View::Restructured">Pod::POM::View::Restructured</ulink>
114 </para>
115
116 </sect2>
117
118 <sect2 role="installation">
119 <title>Installation of Cyrus SASL</title>
120
121 <note>
122 <para>
123 This package does not support parallel build.
124 </para>
125 </note>
126
127 <!-- Without this patch, having Sphinx and/or doctools (doctools not tested)
128 on the system causes an FTBFS when man pages are generated. The Sphinx
129 and Docutils API has changed significantly between Sphinx-{1,2} and
130 Sphinx-3.0.
131
132 <para>
133 First, fix a build failure if Sphinx or
134 <xref role="nodep" linkend="docutils"/> is installed on the system:
135 </para>
136
137<screen><userinput remap="pre">patch -Np1 -i ../cyrus-sasl-2.1.27-doc_fixes-1.patch</userinput></screen>
138 -->
139
140 <para>
141 Install <application>Cyrus SASL</application> by
142 running the following commands:
143 </para>
144
145<screen><userinput>./configure --prefix=/usr \
146 --sysconfdir=/etc \
147 --enable-auth-sasldb \
148 --with-dbpath=/var/lib/sasl/sasldb2 \
149 --with-sphinx-build=no \
150 --with-saslauthd=/var/run/saslauthd &amp;&amp;
151make -j1</userinput></screen>
152
153 <para>
154 This package does not come with a test suite. If you are planning
155 on using the GSSAPI authentication mechanism, test
156 it after installing the package using the sample server and client
157 programs which were built in the preceding step. Instructions for
158 performing the tests can be found at
159 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
160 </para>
161
162 <para>
163 Now, as the <systemitem class="username">root</systemitem> user:
164 </para>
165
166<screen role="root"><userinput>make install &amp;&amp;
167install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
168install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
169install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
170install -v -dm700 /var/lib/sasl</userinput></screen>
171
172 </sect2>
173
174 <sect2 role="commands">
175 <title>Command Explanations</title>
176
177 <para>
178 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
179 switch forces the <command>sasldb</command> database to be created
180 in <filename class="directory">/var/lib/sasl</filename> instead of
181 <filename class="directory">/etc</filename>.
182 </para>
183
184 <para>
185 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
186 switch forces <command>saslauthd</command> to use the FHS compliant
187 directory <filename class="directory">/var/run/saslauthd</filename>
188 for variable run-time data.
189 </para>
190
191 <para>
192 <parameter>--enable-auth-sasldb</parameter>: This switch enables
193 the SASLDB authentication backend.
194 </para>
195
196 <para>
197 <option>--with-dblib=gdbm</option>: This switch forces
198 <application>GDBM</application> to be used instead of
199 <application>Berkeley DB</application>.
200 </para>
201
202 <para>
203 <option>--with-ldap</option>: This switch enables the
204 <application>OpenLDAP</application> support.
205 </para>
206
207 <para>
208 <option>--enable-ldapdb</option>: This switch enables the
209 LDAPDB authentication backend.
210 </para>
211
212<!-- Removed in 2.1.28
213 <para>
214 <option>- -enable-java</option>: This switch enables compiling of the
215 <application>Java</application> support libraries.
216 </para>
217-->
218
219 <para>
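220 <option>--enable-login</option>: This option enables the unsupported
221 LOGIN authentication mechanism. LOGIN transmits the password in clear text, so it should only be offered on connections that are already encrypted.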
222 </para>
223
224 <para>
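225 <option>--enable-ntlm</option>: This option enables the unsupported
226 NTLM authentication mechanism. NTLM is a legacy challenge-response protocol with known cryptographic weaknesses, so enable it only when a client requires it.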
227 </para>
228
229 <para>
230 <command>install -v -m644 ...</command>: These commands
231 install documentation which is not installed by the
232 <command>make install</command> command.
233 </para>
234
235 <para>
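236 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
237 must exist when starting <command>saslauthd</command> or using the
238 sasldb plugin. Mode 700 keeps the directory private to its owner, because the <filename>sasldb2</filename> database created there stores users' passwords and secrets. If you are not going to run the daemon or
239 use the plugins, you may omit the creation of this directory.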
240 </para>
241
242 </sect2>
243
244 <sect2 role="configuration">
245 <title>Configuring Cyrus SASL</title>
246
247 <sect3 id="cyrus-sasl-config">
248 <title>Config Files</title>
249
250 <para>
251 <filename>/etc/saslauthd.conf</filename>
252 (for <command>saslauthd</command> LDAP configuration) and
253 <filename>/etc/sasl2/Appname.conf</filename>
254 (where "Appname" is the name the application defines for itself)
255 </para>
256
257 <indexterm zone="cyrus-sasl cyrus-sasl-config">
258 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
259 </indexterm>
260
261 </sect3>
262
263 <sect3>
264 <title>Configuration Information</title>
265
266 <para>
267 See
268 <ulink url="https://www.cyrusimap.org/sasl/sasl/sysadmin.html"/>
269 for information on what to include in the application configuration files.
270 </para>
271
272 <para>
273 See
274 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
275 for configuring <command>saslauthd</command> with
276 <application>OpenLDAP</application>.
277 </para>
278
279 <para>
280 See
281 <ulink url="https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi"/>
282 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
283 </para>
284
285 </sect3>
286
287 <sect3 id="cyrus-sasl-init">
288 <title><phrase revision="sysv">Init Script</phrase>
289 <phrase revision="systemd">Systemd Unit</phrase></title>
290
291 <para revision="sysv">
292 If you need to run the <command>saslauthd</command> daemon at system
293 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
294 init script included in the
295 <xref linkend="bootscripts"/> package using the following command:
296 </para>
297
298 <para revision="systemd">
299 If you need to run the <command>saslauthd</command> daemon at system
300 startup, install the <filename>saslauthd.service</filename> unit
301 included in the <xref linkend="systemd-units"/> package using the
302 following command:
303 </para>
304
305 <indexterm zone="cyrus-sasl cyrus-sasl-init">
306 <primary sortas="f-saslauthd">saslauthd</primary>
307 </indexterm>
308
309<screen role="root"><userinput>make install-saslauthd</userinput></screen>
310
311 <note>
312 <para>
313 You'll need to edit
314 <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
315 <filename revision="systemd">/etc/default/saslauthd</filename>
316 and set the
317 <option revision="sysv">AUTHMECH</option>
318 <option revision="systemd">MECHANISM</option>
319 parameter to your desired authentication mechanism.
320 <phrase revision="systemd">The default authentication
321 mechanism is "shadow".</phrase>
322 </para>
323 </note>
324
325 </sect3>
326
327 </sect2>
328
329 <sect2 role="content">
330 <title>Contents</title>
331
332 <segmentedlist>
333 <segtitle>Installed Programs</segtitle>
334 <segtitle>Installed Library</segtitle>
335 <segtitle>Installed Directories</segtitle>
336
337 <seglistitem>
338 <seg>
339 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
340 testsaslauthd
341 </seg>
342 <seg>
343 libsasl2.so
344 </seg>
345 <seg>
346 /usr/include/sasl,
347 /usr/lib/sasl2,
348 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
349 /var/lib/sasl
350 </seg>
351 </seglistitem>
352 </segmentedlist>
353
354 <variablelist>
355 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
356 <?dbfo list-presentation="list"?>
357 <?dbhtml list-presentation="table"?>
358
359 <varlistentry id="pluginviewer">
360 <term><command>pluginviewer</command></term>
361 <listitem>
362 <para>
363 is used to list loadable SASL plugins and their properties
364 </para>
365 <indexterm zone="cyrus-sasl pluginviewer">
366 <primary sortas="b-pluginviewer">pluginviewer</primary>
367 </indexterm>
368 </listitem>
369 </varlistentry>
370
371 <varlistentry id="saslauthd">
372 <term><command>saslauthd</command></term>
373 <listitem>
374 <para>
375 is the SASL authentication server
376 </para>
377 <indexterm zone="cyrus-sasl saslauthd">
378 <primary sortas="b-saslauthd">saslauthd</primary>
379 </indexterm>
380 </listitem>
381 </varlistentry>
382
383 <varlistentry id="sasldblistusers2">
384 <term><command>sasldblistusers2</command></term>
385 <listitem>
386 <para>
387 is used to list the users in the SASL password database
388 <filename>sasldb2</filename>
389 </para>
390 <indexterm zone="cyrus-sasl sasldblistusers2">
391 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
392 </indexterm>
393 </listitem>
394 </varlistentry>
395
396 <varlistentry id="saslpasswd2">
397 <term><command>saslpasswd2</command></term>
398 <listitem>
399 <para>
400 is used to set and delete a user's SASL password and
401 mechanism specific secrets in the SASL password
402 database <filename>sasldb2</filename>
403 </para>
404 <indexterm zone="cyrus-sasl saslpasswd2">
405 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
406 </indexterm>
407 </listitem>
408 </varlistentry>
409
410 <varlistentry id="testsaslauthd">
411 <term><command>testsaslauthd</command></term>
412 <listitem>
413 <para>
414 is a test utility for the SASL authentication server
415 </para>
416 <indexterm zone="cyrus-sasl testsaslauthd">
417 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
418 </indexterm>
419 </listitem>
420 </varlistentry>
421
422 <varlistentry id="libsasl2">
423 <term><filename class="libraryfile">libsasl2.so</filename></term>
424 <listitem>
425 <para>
426 is a general purpose authentication library for server
427 and client applications
428 </para>
429 <indexterm zone="cyrus-sasl libsasl2">
430 <primary sortas="c-libsasl2">libsasl2.so</primary>
431 </indexterm>
432 </listitem>
433 </varlistentry>
434
435 </variablelist>
436
437 </sect2>
438
439</sect1>