source: postlfs/security/cyrus-sasl.xml@ 41b674d

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 41b674d was 31d6e38, checked in by Fernando de Oliveira <fernando@…>, 10 years ago

Cyrus SASL-2.1.26 and CVS-1.11.23: fix krb4 link invalid. Thanks to Chris Staub.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@12313 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 12.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http " ">
8 <!ENTITY cyrus-sasl-download-ftp "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
9 <!ENTITY cyrus-sasl-md5sum "a7f4e5e559a0e37b3ffc438c9456e425">
10 <!ENTITY cyrus-sasl-size "5.0 MB">
11 <!ENTITY cyrus-sasl-buildsize "30 MB">
12 <!ENTITY cyrus-sasl-time "0.5 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Cyrus SASL-&cyrus-sasl-version;</title>
24
25 <indexterm zone="cyrus-sasl">
26 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Cyrus SASL</title>
31
32 <para>
33 The <application>Cyrus SASL</application> package contains a Simple
34 Authentication and Security Layer, a method for adding authentication
35 support to connection-based protocols. To use SASL, a protocol includes
36 a command for identifying and authenticating a user to a server and for
37 optionally negotiating protection of subsequent protocol interactions.
38 If its use is negotiated, a security layer is inserted between the
39 protocol and the connection.
40 </para>
41
42 &lfs74_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download MD5 sum: &cyrus-sasl-md5sum;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &cyrus-sasl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &cyrus-sasl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &cyrus-sasl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-1.patch"/>
84 </para>
85 </listitem>
86 </itemizedlist>
87
88 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
89
90 <bridgehead renderas="sect4">Required</bridgehead>
91 <para role="required">
92 <xref linkend="openssl"/>
93 </para>
94
95 <bridgehead renderas="sect4">Recommended</bridgehead>
96 <para role="recommended">
97 <xref linkend="db"/>
98 </para>
99
100 <bridgehead renderas="sect4">Optional</bridgehead>
101 <para role="optional">
102 <xref linkend="linux-pam"/>,
103 <xref linkend="mitkrb"/>,
104 <xref linkend="mariadb"/> or <xref linkend="mysql"/>,
105 <xref linkend="openjdk"/>,
106 <xref linkend="openldap"/>,
107 <xref linkend="postgresql"/>,
108 <xref linkend="sqlite"/>,
109 <ulink url="ftp://ftp.pdc.kth.se/pub/krb/src/">krb4</ulink> and
110 <ulink url="http://dmalloc.com/">Dmalloc</ulink>
111 </para>
112
113 <para condition="html" role="usernotes">User Notes:
114 <ulink url="&blfs-wiki;/cyrus-sasl"/>
115 </para>
116 </sect2>
117
118 <sect2 role="installation">
119 <title>Installation of Cyrus SASL</title>
120
121 <para>
122 Install <application>Cyrus SASL</application> by
123 running the following commands:
124 </para>
125
126<screen><userinput>patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-fixes-1.patch &amp;&amp;
127autoreconf -fi &amp;&amp;
128pushd saslauthd
129autoreconf -fi &amp;&amp;
130popd
131./configure --prefix=/usr \
132 --sysconfdir=/etc \
133 --enable-auth-sasldb \
134 --with-dbpath=/var/lib/sasl/sasldb2 \
135 --with-saslauthd=/var/run/saslauthd \
136 CFLAGS=-fPIC
137make</userinput></screen>
138
139 <para>
140 This package does not come with a test suite. If you are planning
141 on using the GSSAPI authentication mechanism, it is recommended to test
142 it after installing the package using the sample server and client
143 programs which were built in the preceding step. Instructions for
144 performing the tests can be found at
145 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
146 </para>
147
148 <para>
149 Now, as the <systemitem class="username">root</systemitem> user:
150 </para>
151
152<screen role="root"><userinput>make install &amp;&amp;
153install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
154install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
155 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
156install -v -dm700 /var/lib/sasl</userinput></screen>
157
158 </sect2>
159
160 <sect2 role="commands">
161 <title>Command Explanations</title>
162
163 <para>
164 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
165 switch forces the <command>sasldb</command> database to be created
166 in <filename class="directory">/var/lib/sasl</filename> instead of
167 <filename class="directory">/etc</filename>.
168 </para>
169
170 <para>
171 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
172 switch forces <command>saslauthd</command> to use the FHS compliant
173 directory <filename class="directory">/var/run/saslauthd</filename>
174 for variable run-time data.
175 </para>
176
177 <para>
178 <parameter>--enable-auth-sasldb</parameter>: This switch enables
179 SASLDB authentication backend.
180 </para>
181
182 <para>
183 <parameter>--with-dblib=gdbm</parameter>: This switch forces
184 <application>GDBM</application> to be used instead of
185 <application>Berkeley DB</application>.
186 </para>
187
188 <para>
189 <option>--with-ldap</option>: This switch enables the
190 <application>OpenLDAP</application> support.
191 </para>
192
193 <para>
194 <option>--enable-ldapdb</option>: This switch enables the
195 LDAPDB authentication backend. There is a circular dependency with this
196 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
197 this problem.
198 </para>
199
200 <para>
201 <option>--enable-java</option>: This switch enables compiling of the
202 <application>Java</application> support libraries.
203 </para>
204
205 <para>
206 <option>--enable-login</option>: This option enables unsupported
207 LOGIN authentication.
208 </para>
209
210 <para>
211 <option>--enable-ntlm</option>: This option enables unsupported
212 NTLM authentication.
213 </para>
214
215 <para>
216 <command>install -v -m644 ...</command>: These commands
217 install documentation which is not installed by the
218 <command>make install</command> command.
219 </para>
220
221 <para>
222 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
223 must exist when starting <command>saslauthd</command> or using the
224 sasldb plugin. If you're not going to be running the daemon or
225 using the plugins, you may omit the creation of this directory.
226 </para>
227
228 </sect2>
229
230 <sect2 role="configuration">
231 <title>Configuring Cyrus SASL</title>
232
233 <sect3 id="cyrus-sasl-config">
234 <title>Config Files</title>
235
236 <para>
237 <filename>/etc/saslauthd.conf</filename>
238 (for <command>saslauthd</command> LDAP configuration) and
239 <filename>/etc/sasl2/Appname.conf</filename>
240 (where "Appname" is the application defined name of the application)
241 </para>
242
243 <indexterm zone="cyrus-sasl cyrus-sasl-config">
244 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
245 </indexterm>
246
247 </sect3>
248
249 <sect3>
250 <title>Configuration Information</title>
251
252 <para>
253 See
254 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
255 for information on what to include in the application configuration files.
256 </para>
257
258 <para>
259 See
260 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
261 for configuring <command>saslauthd</command> with
262 <application>OpenLDAP</application>.
263 </para>
264
265 <para>
266 See
267 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
268 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
269 </para>
270
271 </sect3>
272
273 <sect3 id="cyrus-sasl-init">
274 <title>Init Script</title>
275
276 <para>
277 If you need to run the <command>saslauthd</command> daemon at system
278 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
279 init script included in the <xref linkend="bootscripts"/>
280 package using the following command:
281 </para>
282
283 <indexterm zone="cyrus-sasl cyrus-sasl-init">
284 <primary sortas="f-saslauthd">saslauthd</primary>
285 </indexterm>
286
287<screen role="root"><userinput>make install-saslauthd</userinput></screen>
288
289 <note>
290 <para>
291 You'll need to modify /etc/sysconfig/saslauthd and replace the
292 <option><replaceable>AUTHMECH</replaceable></option> parameter
293 with your desired authentication mechanism.
294 </para>
295 </note>
296
297 </sect3>
298
299 </sect2>
300
301 <sect2 role="content">
302 <title>Contents</title>
303
304 <segmentedlist>
305 <segtitle>Installed Programs</segtitle>
306 <segtitle>Installed Library</segtitle>
307 <segtitle>Installed Directories</segtitle>
308
309 <seglistitem>
310 <seg>
311 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
312 testsaslauthd
313 </seg>
314 <seg>
315 libsasl2.so
316 </seg>
317 <seg>
318 /usr/include/sasl,
319 /usr/lib/sasl2,
320 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
321 /var/lib/sasl
322 </seg>
323 </seglistitem>
324 </segmentedlist>
325
326 <variablelist>
327 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
328 <?dbfo list-presentation="list"?>
329 <?dbhtml list-presentation="table"?>
330
331 <varlistentry id="pluginviewer">
332 <term><command>pluginviewer</command></term>
333 <listitem>
334 <para>
335 is used to list loadable SASL plugins and their properties.
336 </para>
337 <indexterm zone="cyrus-sasl pluginviewer">
338 <primary sortas="b-pluginviewer">pluginviewer</primary>
339 </indexterm>
340 </listitem>
341 </varlistentry>
342
343 <varlistentry id="saslauthd">
344 <term><command>saslauthd</command></term>
345 <listitem>
346 <para>
347 is the SASL authentication server.
348 </para>
349 <indexterm zone="cyrus-sasl saslauthd">
350 <primary sortas="b-saslauthd">saslauthd</primary>
351 </indexterm>
352 </listitem>
353 </varlistentry>
354
355 <varlistentry id="sasldblistusers2">
356 <term><command>sasldblistusers2</command></term>
357 <listitem>
358 <para>
359 is used to list the users in the SASL password database
360 <filename>sasldb2</filename>.
361 </para>
362 <indexterm zone="cyrus-sasl sasldblistusers2">
363 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
364 </indexterm>
365 </listitem>
366 </varlistentry>
367
368 <varlistentry id="saslpasswd2">
369 <term><command>saslpasswd2</command></term>
370 <listitem>
371 <para>
372 is used to set and delete a user's SASL password and
373 mechanism specific secrets in the SASL password
374 database <filename>sasldb2</filename>.
375 </para>
376 <indexterm zone="cyrus-sasl saslpasswd2">
377 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
378 </indexterm>
379 </listitem>
380 </varlistentry>
381
382 <varlistentry id="testsaslauthd">
383 <term><command>testsaslauthd</command></term>
384 <listitem>
385 <para>
386 is a test utility for the SASL authentication server.
387 </para>
388 <indexterm zone="cyrus-sasl testsaslauthd">
389 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
390 </indexterm>
391 </listitem>
392 </varlistentry>
393
394 <varlistentry id="libsasl2">
395 <term><filename class="libraryfile">libsasl2.so</filename></term>
396 <listitem>
397 <para>
398 is a general purpose authentication library for server
399 and client applications.
400 </para>
401 <indexterm zone="cyrus-sasl libsasl2">
402 <primary sortas="c-libsasl2">libsasl2.so</primary>
403 </indexterm>
404 </listitem>
405 </varlistentry>
406
407 </variablelist>
408
409 </sect2>
410
411</sect1>
Note: See TracBrowser for help on using the repository browser.