source: postlfs/security/cyrus-sasl.xml@ 4483a9a

11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/intltool xry111/llvm18 xry111/soup3 xry111/xf86-video-removal
Last change on this file since 4483a9a was 4483a9a, checked in by Douglas R. Reno <renodr@…>, 2 years ago

Package updates and a security fix

Fix CVE-2021-4115 in Polkit
Update to cyrus-sasl-2.1.28 (Security Update)
Update to flac-1.3.4 (Security Update)
Update to seamonkey-2.53.11 (Security Update)
  • Property mode set to 100644
File size: 14.5 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
8 <!ENTITY cyrus-sasl-download-ftp " ">
9 <!ENTITY cyrus-sasl-md5sum "6f228a692516f5318a64505b46966cfa">
10 <!ENTITY cyrus-sasl-size "3.9 MB">
11 <!ENTITY cyrus-sasl-buildsize "28 MB">
12 <!ENTITY cyrus-sasl-time "0.2 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <date>$Date$</date>
20 </sect1info>
21
22 <title>Cyrus SASL-&cyrus-sasl-version;</title>
23
24 <indexterm zone="cyrus-sasl">
25 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to Cyrus SASL</title>
30
31 <para>
32 The <application>Cyrus SASL</application> package contains a Simple
33 Authentication and Security Layer implementation, a method for adding
34 authentication support to connection-based protocols. To use SASL, a
35 protocol includes a command for identifying and authenticating a user to
36 a server and for optionally negotiating protection of subsequent protocol
37 interactions. If its use is negotiated, a security layer is inserted
38 between the protocol and the connection.
39 </para>
40
41 &lfs111_checked;
42
43 <!-- To test this package at freeze, run the following command:
44 testsaslauthd -u <current user> -p <password>
45 after saslauthd is started. -->
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Download MD5 sum: &cyrus-sasl-md5sum;
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &cyrus-sasl-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &cyrus-sasl-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &cyrus-sasl-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80 <!-- Not needed anymore
81 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
82 <itemizedlist spacing="compact">
83 <listitem>
84 <para>
85 Required patch:
86 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-doc_fixes-1.patch"/>
87 </para>
88 </listitem>
89 <!- -<listitem>
90 <para>
91 Required patch:
92 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
93 </para>
94 </listitem>- ->
95 </itemizedlist>
96 -->
97
98 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
99
100 <bridgehead renderas="sect4">Recommended</bridgehead>
101 <para role="recommended">
102 <xref linkend="db"/>
103 </para>
104
105 <bridgehead renderas="sect4">Optional</bridgehead>
106 <para role="optional">
107 <xref linkend="linux-pam"/>,
108 <xref linkend="mitkrb"/>,
109 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
110 <xref linkend="openjdk"/>,
111 <xref linkend="openldap"/>,
112 <xref linkend="postgresql"/>,
113 <xref linkend="sqlite"/>,
114 <ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink>,
115 <ulink url="http://dmalloc.com/">Dmalloc</ulink>,
116 <ulink url="https://metacpan.org/pod/Pod::POM::View::Restructured">Pod::POM::View::Restructured</ulink>,
117 and <ulink url="https://pypi.org/project/Sphinx">Sphinx</ulink>
118 </para>
119
120 <para condition="html" role="usernotes">User Notes:
121 <ulink url="&blfs-wiki;/cyrus-sasl"/>
122 </para>
123 </sect2>
124
125 <sect2 role="installation">
126 <title>Installation of Cyrus SASL</title>
127
128 <note>
129 <para>
130 This package does not support parallel build.
131 </para>
132 </note>
133
134 <!-- Without this patch, having Sphinx and/or doctools (doctools not tested)
135 on the system causes an FTBFS when man pages are generated. The Sphinx
136 and Docutils API has changed significantly between Sphinx-{1,2} and
137 Sphinx-3.0.
138
139 <para>
140 First, fix a build failure if Sphinx or
141 <xref role="nodep" linkend="docutils"/> is installed on the system:
142 </para>
143
144<screen><userinput remap="pre">patch -Np1 -i ../cyrus-sasl-2.1.27-doc_fixes-1.patch</userinput></screen>
145 -->
146
147 <para>
148 Install <application>Cyrus SASL</application> by
149 running the following commands:
150 </para>
151
152<screen><userinput>./configure --prefix=/usr \
153 --sysconfdir=/etc \
154 --enable-auth-sasldb \
155 --with-dbpath=/var/lib/sasl/sasldb2 \
156 --with-sphinx-build=no \
157 --with-saslauthd=/var/run/saslauthd &amp;&amp;
158make -j1</userinput></screen>
159
160 <para>
161 This package does not come with a test suite. If you are planning
162 on using the GSSAPI authentication mechanism, test
163 it after installing the package using the sample server and client
164 programs which were built in the preceding step. Instructions for
165 performing the tests can be found at
166 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
167 </para>
168
169 <para>
170 Now, as the <systemitem class="username">root</systemitem> user:
171 </para>
172
173<screen role="root"><userinput>make install &amp;&amp;
174install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
175install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
176install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
177install -v -dm700 /var/lib/sasl</userinput></screen>
178
179 </sect2>
180
181 <sect2 role="commands">
182 <title>Command Explanations</title>
183
184 <para>
185 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
186 switch forces the <command>sasldb</command> database to be created
187 in <filename class="directory">/var/lib/sasl</filename> instead of
188 <filename class="directory">/etc</filename>.
189 </para>
190
191 <para>
192 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
193 switch forces <command>saslauthd</command> to use the FHS compliant
194 directory <filename class="directory">/var/run/saslauthd</filename>
195 for variable run-time data.
196 </para>
197
198 <para>
199 <parameter>--enable-auth-sasldb</parameter>: This switch enables
200 SASLDB authentication backend.
201 </para>
202
203 <para>
204 <option>--with-dblib=gdbm</option>: This switch forces
205 <application>GDBM</application> to be used instead of
206 <application>Berkeley DB</application>.
207 </para>
208
209 <para>
210 <option>--with-ldap</option>: This switch enables the
211 <application>OpenLDAP</application> support.
212 </para>
213
214 <para>
215 <option>--enable-ldapdb</option>: This switch enables the
216 LDAPDB authentication backend. <!--There is a circular dependency with this
217 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
218 this problem.-->
219 </para>
220
221 <para>
222 <option>--enable-java</option>: This switch enables compiling of the
223 <application>Java</application> support libraries.
224 </para>
225
226 <para>
227 <option>--enable-login</option>: This option enables unsupported
228 LOGIN authentication.
229 </para>
230
231 <para>
232 <option>--enable-ntlm</option>: This option enables unsupported
233 NTLM authentication.
234 </para>
235
236 <para>
237 <command>install -v -m644 ...</command>: These commands
238 install documentation which is not installed by the
239 <command>make install</command> command.
240 </para>
241
242 <para>
243 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
244 must exist when starting <command>saslauthd</command> or using the
245 sasldb plugin. If you're not going to be running the daemon or
246 using the plugins, you may omit the creation of this directory.
247 </para>
248
249 </sect2>
250
251 <sect2 role="configuration">
252 <title>Configuring Cyrus SASL</title>
253
254 <sect3 id="cyrus-sasl-config">
255 <title>Config Files</title>
256
257 <para>
258 <filename>/etc/saslauthd.conf</filename>
259 (for <command>saslauthd</command> LDAP configuration) and
260 <filename>/etc/sasl2/Appname.conf</filename>
261 (where "Appname" is the application defined name of the application)
262 </para>
263
264 <indexterm zone="cyrus-sasl cyrus-sasl-config">
265 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
266 </indexterm>
267
268 </sect3>
269
270 <sect3>
271 <title>Configuration Information</title>
272
273 <para>
274 See
275 <ulink url="https://www.cyrusimap.org/sasl/sasl/sysadmin.html"/>
276 for information on what to include in the application configuration files.
277 </para>
278
279 <para>
280 See
281 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
282 for configuring <command>saslauthd</command> with
283 <application>OpenLDAP</application>.
284 </para>
285
286 <para>
287 See
288 <ulink url="https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi"/>
289 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
290 </para>
291
292 </sect3>
293
294 <sect3 id="cyrus-sasl-init">
295 <title><phrase revision="sysv">Init Script</phrase>
296 <phrase revision="systemd">Systemd Unit</phrase></title>
297
298 <para revision="sysv">
299 If you need to run the <command>saslauthd</command> daemon at system
300 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
301 init script included in the
302 <xref linkend="bootscripts"/> package using the following command:
303 </para>
304
305 <para revision="systemd">
306 If you need to run the <command>saslauthd</command> daemon at system
307 startup, install the <filename>saslauthd.service</filename> unit
308 included in the <xref linkend="systemd-units"/> package using the
309 following command:
310 </para>
311
312 <indexterm zone="cyrus-sasl cyrus-sasl-init">
313 <primary sortas="f-saslauthd">saslauthd</primary>
314 </indexterm>
315
316<screen role="root"><userinput>make install-saslauthd</userinput></screen>
317
318 <note>
319 <para>
320 You'll need to modify
321 <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
322 <filename revision="systemd">/etc/default/saslauthd</filename>
323 and modify the
324 <option revision="sysv">AUTHMECH</option>
325 <option revision="systemd">MECHANISM</option>
326 parameter with your desired authentication mechanism.
327 <phrase revision="systemd">The default authentication
328 mechanism is "shadow".</phrase>
329 </para>
330 </note>
331
332 </sect3>
333
334 </sect2>
335
336 <sect2 role="content">
337 <title>Contents</title>
338
339 <segmentedlist>
340 <segtitle>Installed Programs</segtitle>
341 <segtitle>Installed Library</segtitle>
342 <segtitle>Installed Directories</segtitle>
343
344 <seglistitem>
345 <seg>
346 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
347 testsaslauthd
348 </seg>
349 <seg>
350 libsasl2.so
351 </seg>
352 <seg>
353 /usr/include/sasl,
354 /usr/lib/sasl2,
355 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
356 /var/lib/sasl
357 </seg>
358 </seglistitem>
359 </segmentedlist>
360
361 <variablelist>
362 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
363 <?dbfo list-presentation="list"?>
364 <?dbhtml list-presentation="table"?>
365
366 <varlistentry id="pluginviewer">
367 <term><command>pluginviewer</command></term>
368 <listitem>
369 <para>
370 is used to list loadable SASL plugins and their properties
371 </para>
372 <indexterm zone="cyrus-sasl pluginviewer">
373 <primary sortas="b-pluginviewer">pluginviewer</primary>
374 </indexterm>
375 </listitem>
376 </varlistentry>
377
378 <varlistentry id="saslauthd">
379 <term><command>saslauthd</command></term>
380 <listitem>
381 <para>
382 is the SASL authentication server
383 </para>
384 <indexterm zone="cyrus-sasl saslauthd">
385 <primary sortas="b-saslauthd">saslauthd</primary>
386 </indexterm>
387 </listitem>
388 </varlistentry>
389
390 <varlistentry id="sasldblistusers2">
391 <term><command>sasldblistusers2</command></term>
392 <listitem>
393 <para>
394 is used to list the users in the SASL password database
395 <filename>sasldb2</filename>
396 </para>
397 <indexterm zone="cyrus-sasl sasldblistusers2">
398 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
399 </indexterm>
400 </listitem>
401 </varlistentry>
402
403 <varlistentry id="saslpasswd2">
404 <term><command>saslpasswd2</command></term>
405 <listitem>
406 <para>
407 is used to set and delete a user's SASL password and
408 mechanism specific secrets in the SASL password
409 database <filename>sasldb2</filename>
410 </para>
411 <indexterm zone="cyrus-sasl saslpasswd2">
412 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
413 </indexterm>
414 </listitem>
415 </varlistentry>
416
417 <varlistentry id="testsaslauthd">
418 <term><command>testsaslauthd</command></term>
419 <listitem>
420 <para>
421 is a test utility for the SASL authentication server
422 </para>
423 <indexterm zone="cyrus-sasl testsaslauthd">
424 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
425 </indexterm>
426 </listitem>
427 </varlistentry>
428
429 <varlistentry id="libsasl2">
430 <term><filename class="libraryfile">libsasl2.so</filename></term>
431 <listitem>
432 <para>
433 is a general purpose authentication library for server
434 and client applications
435 </para>
436 <indexterm zone="cyrus-sasl libsasl2">
437 <primary sortas="c-libsasl2">libsasl2.so</primary>
438 </indexterm>
439 </listitem>
440 </varlistentry>
441
442 </variablelist>
443
444 </sect2>
445
446</sect1>
Note: See TracBrowser for help on using the repository browser.