source: postlfs/security/cyrus-sasl.xml@ 179d426d

Last change on this file since 179d426d was 179d426d, checked in by Bruce Dubbs <bdubbs@…>, 3 years ago

Tags and a glibc-2.24 update for postfix

  • Property mode set to 100644
File size: 14.4 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
8 <!ENTITY cyrus-sasl-download-ftp " ">
9 <!ENTITY cyrus-sasl-md5sum "a33820c66e0622222c5aefafa1581083">
10 <!ENTITY cyrus-sasl-size "3.9 MB">
11 <!ENTITY cyrus-sasl-buildsize "26 MB">
12 <!ENTITY cyrus-sasl-time "0.1 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <date>$Date$</date>
20 </sect1info>
21
22 <title>Cyrus SASL-&cyrus-sasl-version;</title>
23
24 <indexterm zone="cyrus-sasl">
25 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to Cyrus SASL</title>
30
31 <para>
32 The <application>Cyrus SASL</application> package contains a Simple
33 Authentication and Security Layer, a method for adding authentication
34 support to connection-based protocols. To use SASL, a protocol includes
35 a command for identifying and authenticating a user to a server and for
36 optionally negotiating protection of subsequent protocol interactions.
37 If its use is negotiated, a security layer is inserted between the
38 protocol and the connection.
39 </para>
40
41 &lfs110_checked;
42
43 <!-- To test this package at freeze, run the following command:
44 testsaslauthd -u <current user> -p <password>
45 after saslauthd is started. -->
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
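60 Download MD5 sum: &cyrus-sasl-md5sum; (this detects a corrupted download; MD5 is not collision-resistant, so a match is not proof of authenticity)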
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &cyrus-sasl-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &cyrus-sasl-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &cyrus-sasl-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
81 <itemizedlist spacing="compact">
82 <listitem>
83 <para>
84 Required patch:
85 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-doc_fixes-1.patch"/>
86 </para>
87 </listitem>
88 <!--<listitem>
89 <para>
90 Required patch:
91 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
92 </para>
93 </listitem>-->
94 </itemizedlist>
95
96 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
97
98 <bridgehead renderas="sect4">Recommended</bridgehead>
99 <para role="recommended">
100 <xref linkend="db"/>
101 </para>
102
103 <bridgehead renderas="sect4">Optional</bridgehead>
104 <para role="optional">
105 <xref linkend="linux-pam"/>,
106 <xref linkend="mitkrb"/>,
107 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
108 <xref linkend="openjdk"/>,
109 <xref linkend="openldap"/>,
110 <xref linkend="postgresql"/>,
111 <xref linkend="sqlite"/>,
112 <ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink>,
113 <ulink url="http://dmalloc.com/">Dmalloc</ulink>,
114 <ulink url="https://metacpan.org/pod/Pod::POM::View::Restructured">Pod::POM::View::Restructured</ulink>,
115 and <ulink url="https://pypi.org/project/Sphinx">Sphinx</ulink>
116 </para>
117
118 <para condition="html" role="usernotes">User Notes:
119 <ulink url="&blfs-wiki;/cyrus-sasl"/>
120 </para>
121 </sect2>
122
123 <sect2 role="installation">
124 <title>Installation of Cyrus SASL</title>
125
126 <note>
127 <para>
128 This package does not support parallel build.
129 </para>
130 </note>
131
132 <!-- Without this patch, having Sphinx and/or doctools (doctools not tested)
133 on the system causes an FTBFS when man pages are generated. The Sphinx
134 and Docutils API has changed significantly between Sphinx-{1,2} and
135 Sphinx-3.0. -->
136
137 <para>
138 First, fix a build failure if Sphinx or
139 <xref role="nodep" linkend="docutils"/> is installed on the system:
140 </para>
141
142<screen><userinput remap="pre">patch -Np1 -i ../cyrus-sasl-2.1.27-doc_fixes-1.patch</userinput></screen>
143
144 <para>
145 Install <application>Cyrus SASL</application> by
146 running the following commands:
147 </para>
148
149<screen><userinput>./configure --prefix=/usr \
150 --sysconfdir=/etc \
151 --enable-auth-sasldb \
152 --with-dbpath=/var/lib/sasl/sasldb2 \
153 --with-sphinx-build=no \
154 --with-saslauthd=/var/run/saslauthd &amp;&amp;
155make -j1</userinput></screen>
156
157 <para>
158 This package does not come with a test suite. If you are planning
159 on using the GSSAPI authentication mechanism, test
160 it after installing the package using the sample server and client
161 programs which were built in the preceding step. Instructions for
162 performing the tests can be found at
163 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
164 </para>
165
166 <para>
167 Now, as the <systemitem class="username">root</systemitem> user:
168 </para>
169
170<screen role="root"><userinput>make install &amp;&amp;
171install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
172install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
173install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
174install -v -dm700 /var/lib/sasl</userinput></screen>
175
176 </sect2>
177
178 <sect2 role="commands">
179 <title>Command Explanations</title>
180
181 <para>
182 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
183 switch forces the <command>sasldb</command> database to be created
184 in <filename class="directory">/var/lib/sasl</filename> instead of
185 <filename class="directory">/etc</filename>.
186 </para>
187
188 <para>
189 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
190 switch forces <command>saslauthd</command> to use the FHS compliant
191 directory <filename class="directory">/var/run/saslauthd</filename>
192 for variable run-time data.
193 </para>
194
195 <para>
196 <parameter>--enable-auth-sasldb</parameter>: This switch enables
197 the SASLDB authentication backend.
198 </para>
199
200 <para>
201 <option>--with-dblib=gdbm</option>: This switch forces
202 <application>GDBM</application> to be used instead of
203 <application>Berkeley DB</application>.
204 </para>
205
206 <para>
207 <option>--with-ldap</option>: This switch enables the
208 <application>OpenLDAP</application> support.
209 </para>
210
211 <para>
212 <option>--enable-ldapdb</option>: This switch enables the
213 LDAPDB authentication backend. There is a circular dependency with this
214 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
215 this problem.
216 </para>
217
218 <para>
219 <option>--enable-java</option>: This switch enables compiling of the
220 <application>Java</application> support libraries.
221 </para>
222
223 <para>
224 <option>--enable-login</option>: This option enables unsupported
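225 LOGIN authentication. LOGIN sends the user name and password with no protection of its own, so offer it only over a TLS-protected connection.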
226 </para>
227
228 <para>
229 <option>--enable-ntlm</option>: This option enables unsupported
230 NTLM authentication. NTLM is a legacy mechanism; enable it only for clients that cannot use a stronger one.
231 </para>
232
233 <para>
234 <command>install -v -m644 ...</command>: These commands
235 install documentation which is not installed by the
236 <command>make install</command> command.
237 </para>
238
239 <para>
240 <command>install -v -dm700 /var/lib/sasl</command>: This directory
241 must exist when starting <command>saslauthd</command> or using the
242 sasldb plugin. Mode 700 restricts the directory, which holds the <filename>sasldb2</filename> password database, to its owner. If you're not going to be running the daemon or
243 using the plugins, you may omit the creation of this directory.
244 </para>
245
246 </sect2>
247
248 <sect2 role="configuration">
249 <title>Configuring Cyrus SASL</title>
250
251 <sect3 id="cyrus-sasl-config">
252 <title>Config Files</title>
253
254 <para>
255 <filename>/etc/saslauthd.conf</filename>
256 (for <command>saslauthd</command> LDAP configuration) and
257 <filename>/etc/sasl2/Appname.conf</filename>
258 (where "Appname" is the application-defined name of the application)
259 </para>
260
261 <indexterm zone="cyrus-sasl cyrus-sasl-config">
262 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
263 </indexterm>
264
265 </sect3>
266
267 <sect3>
268 <title>Configuration Information</title>
269
270 <para>
271 See
272 <ulink url="https://www.cyrusimap.org/sasl/sasl/sysadmin.html"/>
273 for information on what to include in the application configuration files.
274 </para>
275
276 <para>
277 See
278 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
279 for configuring <command>saslauthd</command> with
280 <application>OpenLDAP</application>.
281 </para>
282
283 <para>
284 See
285 <ulink url="https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi"/>
286 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
287 </para>
288
289 </sect3>
290
291 <sect3 id="cyrus-sasl-init">
292 <title><phrase revision="sysv">Init Script</phrase>
293 <phrase revision="systemd">Systemd Unit</phrase></title>
294
295 <para revision="sysv">
296 If you need to run the <command>saslauthd</command> daemon at system
297 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
298 init script included in the
299 <xref linkend="bootscripts"/> package using the following command:
300 </para>
301
302 <para revision="systemd">
303 If you need to run the <command>saslauthd</command> daemon at system
304 startup, install the <filename>saslauthd.service</filename> unit
305 included in the <xref linkend="systemd-units"/> package using the
306 following command:
307 </para>
308
309 <indexterm zone="cyrus-sasl cyrus-sasl-init">
310 <primary sortas="f-saslauthd">saslauthd</primary>
311 </indexterm>
312
313<screen role="root"><userinput>make install-saslauthd</userinput></screen>
314
315 <note>
316 <para>
317 You'll need to edit
318 <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
319 <filename revision="systemd">/etc/default/saslauthd</filename>
320 and set the
321 <option revision="sysv">AUTHMECH</option>
322 <option revision="systemd">MECHANISM</option>
323 parameter to your desired authentication mechanism.
324 <phrase revision="systemd">The default authentication
325 mechanism is "shadow".</phrase>
326 </para>
327 </note>
328
329 </sect3>
330
331 </sect2>
332
333 <sect2 role="content">
334 <title>Contents</title>
335
336 <segmentedlist>
337 <segtitle>Installed Programs</segtitle>
338 <segtitle>Installed Library</segtitle>
339 <segtitle>Installed Directories</segtitle>
340
341 <seglistitem>
342 <seg>
343 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
344 testsaslauthd
345 </seg>
346 <seg>
347 libsasl2.so
348 </seg>
349 <seg>
350 /usr/include/sasl,
351 /usr/lib/sasl2,
352 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
353 /var/lib/sasl
354 </seg>
355 </seglistitem>
356 </segmentedlist>
357
358 <variablelist>
359 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
360 <?dbfo list-presentation="list"?>
361 <?dbhtml list-presentation="table"?>
362
363 <varlistentry id="pluginviewer">
364 <term><command>pluginviewer</command></term>
365 <listitem>
366 <para>
367 is used to list loadable SASL plugins and their properties
368 </para>
369 <indexterm zone="cyrus-sasl pluginviewer">
370 <primary sortas="b-pluginviewer">pluginviewer</primary>
371 </indexterm>
372 </listitem>
373 </varlistentry>
374
375 <varlistentry id="saslauthd">
376 <term><command>saslauthd</command></term>
377 <listitem>
378 <para>
379 is the SASL authentication server
380 </para>
381 <indexterm zone="cyrus-sasl saslauthd">
382 <primary sortas="b-saslauthd">saslauthd</primary>
383 </indexterm>
384 </listitem>
385 </varlistentry>
386
387 <varlistentry id="sasldblistusers2">
388 <term><command>sasldblistusers2</command></term>
389 <listitem>
390 <para>
391 is used to list the users in the SASL password database
392 <filename>sasldb2</filename>
393 </para>
394 <indexterm zone="cyrus-sasl sasldblistusers2">
395 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
396 </indexterm>
397 </listitem>
398 </varlistentry>
399
400 <varlistentry id="saslpasswd2">
401 <term><command>saslpasswd2</command></term>
402 <listitem>
403 <para>
404 is used to set and delete a user's SASL password and
405 mechanism specific secrets in the SASL password
406 database <filename>sasldb2</filename>
407 </para>
408 <indexterm zone="cyrus-sasl saslpasswd2">
409 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
410 </indexterm>
411 </listitem>
412 </varlistentry>
413
414 <varlistentry id="testsaslauthd">
415 <term><command>testsaslauthd</command></term>
416 <listitem>
417 <para>
418 is a test utility for the SASL authentication server
419 </para>
420 <indexterm zone="cyrus-sasl testsaslauthd">
421 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
422 </indexterm>
423 </listitem>
424 </varlistentry>
425
426 <varlistentry id="libsasl2">
427 <term><filename class="libraryfile">libsasl2.so</filename></term>
428 <listitem>
429 <para>
430 is a general purpose authentication library for server
431 and client applications
432 </para>
433 <indexterm zone="cyrus-sasl libsasl2">
434 <primary sortas="c-libsasl2">libsasl2.so</primary>
435 </indexterm>
436 </listitem>
437 </varlistentry>
438
439 </variablelist>
440
441 </sect2>
442
443</sect1>