source: postlfs/security/cyrus-sasl.xml@ 45ab6c7

11.0 11.1 11.2 11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 45ab6c7 was 45ab6c7, checked in by Xi Ruoyao <xry111@…>, 3 years ago

more SVN prop clean up

Remove "$LastChanged$" everywhere, and also some unused $Date$
  • Property mode set to 100644
File size: 14.3 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
8 <!ENTITY cyrus-sasl-download-ftp " ">
9 <!ENTITY cyrus-sasl-md5sum "a33820c66e0622222c5aefafa1581083">
10 <!ENTITY cyrus-sasl-size "3.9 MB">
11 <!ENTITY cyrus-sasl-buildsize "26 MB">
12 <!ENTITY cyrus-sasl-time "0.1 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <date>$Date$</date>
20 </sect1info>
21
22 <title>Cyrus SASL-&cyrus-sasl-version;</title>
23
24 <indexterm zone="cyrus-sasl">
25 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
26 </indexterm>
27
28 <sect2 role="package">
29 <title>Introduction to Cyrus SASL</title>
30
31 <para>
32 The <application>Cyrus SASL</application> package contains a Simple
33 Authentication and Security Layer, a method for adding authentication
34 support to connection-based protocols. To use SASL, a protocol includes
35 a command for identifying and authenticating a user to a server and for
36 optionally negotiating protection of subsequent protocol interactions.
37 If its use is negotiated, a security layer is inserted between the
38 protocol and the connection.
39 </para>
40
41 &lfs101_checked;
42
43 <!-- To test this package at freeze, run the following command:
44 testsaslauthd -u <current user> -p <password>
45 after saslauthd is started. -->
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Download MD5 sum: &cyrus-sasl-md5sum;
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &cyrus-sasl-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &cyrus-sasl-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &cyrus-sasl-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
81 <itemizedlist spacing="compact">
82 <listitem>
83 <para>
84 Required patch:
85 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-doc_fixes-1.patch"/>
86 </para>
87 </listitem>
88 <!--<listitem>
89 <para>
90 Required patch:
91 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
92 </para>
93 </listitem>-->
94 </itemizedlist>
95
96 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
97
98 <bridgehead renderas="sect4">Recommended</bridgehead>
99 <para role="recommended">
100 <xref linkend="db"/>
101 </para>
102
103 <bridgehead renderas="sect4">Optional</bridgehead>
104 <para role="optional">
105 <xref linkend="linux-pam"/>,
106 <xref linkend="mitkrb"/>,
107 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
108 <xref linkend="openjdk"/>,
109 <xref linkend="openldap"/>,
110 <xref linkend="postgresql"/>,
111 <xref linkend="sqlite"/>,
112 <ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink>,
113 <ulink url="http://dmalloc.com/">Dmalloc</ulink>,
114 <ulink url="https://metacpan.org/pod/Pod::POM::View::Restructured">Pod::POM::View::Restructured</ulink>,
115 and <ulink url="https://pypi.org/project/Sphinx">Sphinx</ulink>
116 </para>
117
118 <para condition="html" role="usernotes">User Notes:
119 <ulink url="&blfs-wiki;/cyrus-sasl"/>
120 </para>
121 </sect2>
122
123 <sect2 role="installation">
124 <title>Installation of Cyrus SASL</title>
125
126 <note>
127 <para>
128 This package does not support parallel build.
129 </para>
130 </note>
131
132 <!-- Without this patch, having Sphinx and/or doctools (doctools not tested)
133 on the system causes an FTBFS when man pages are generated. The Sphinx
134 and Docutils API has changed significantly between Sphinx-{1,2} and
135 Sphinx-3.0. -->
136
137 <para>
138 First, fix a build failure if Sphinx or
139 <xref role="nodep" linkend="docutils"/> is installed on the system:
140 </para>
141
142<screen><userinput remap="pre">patch -Np1 -i ../cyrus-sasl-2.1.27-doc_fixes-1.patch</userinput></screen>
143
144 <para>
145 Install <application>Cyrus SASL</application> by
146 running the following commands:
147 </para>
148
149<screen><userinput>./configure --prefix=/usr \
150 --sysconfdir=/etc \
151 --enable-auth-sasldb \
152 --with-dbpath=/var/lib/sasl/sasldb2 \
153 --with-saslauthd=/var/run/saslauthd &amp;&amp;
154make -j1</userinput></screen>
155
156 <para>
157 This package does not come with a test suite. If you are planning
158 on using the GSSAPI authentication mechanism, test
159 it after installing the package using the sample server and client
160 programs which were built in the preceding step. Instructions for
161 performing the tests can be found at
162 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
163 </para>
164
165 <para>
166 Now, as the <systemitem class="username">root</systemitem> user:
167 </para>
168
169<screen role="root"><userinput>make install &amp;&amp;
170install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
171install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
172install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
173install -v -dm700 /var/lib/sasl</userinput></screen>
174
175 </sect2>
176
177 <sect2 role="commands">
178 <title>Command Explanations</title>
179
180 <para>
181 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
182 switch forces the <command>sasldb</command> database to be created
183 in <filename class="directory">/var/lib/sasl</filename> instead of
184 <filename class="directory">/etc</filename>.
185 </para>
186
187 <para>
188 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
189 switch forces <command>saslauthd</command> to use the FHS compliant
190 directory <filename class="directory">/var/run/saslauthd</filename>
191 for variable run-time data.
192 </para>
193
194 <para>
195 <parameter>--enable-auth-sasldb</parameter>: This switch enables
196 SASLDB authentication backend.
197 </para>
198
199 <para>
200 <option>--with-dblib=gdbm</option>: This switch forces
201 <application>GDBM</application> to be used instead of
202 <application>Berkeley DB</application>.
203 </para>
204
205 <para>
206 <option>--with-ldap</option>: This switch enables the
207 <application>OpenLDAP</application> support.
208 </para>
209
210 <para>
211 <option>--enable-ldapdb</option>: This switch enables the
212 LDAPDB authentication backend. There is a circular dependency with this
213 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
214 this problem.
215 </para>
216
217 <para>
218 <option>--enable-java</option>: This switch enables compiling of the
219 <application>Java</application> support libraries.
220 </para>
221
222 <para>
223 <option>--enable-login</option>: This option enables unsupported
224 LOGIN authentication.
225 </para>
226
227 <para>
228 <option>--enable-ntlm</option>: This option enables unsupported
229 NTLM authentication.
230 </para>
231
232 <para>
233 <command>install -v -m644 ...</command>: These commands
234 install documentation which is not installed by the
235 <command>make install</command> command.
236 </para>
237
238 <para>
239 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
240 must exist when starting <command>saslauthd</command> or using the
241 sasldb plugin. If you're not going to be running the daemon or
242 using the plugins, you may omit the creation of this directory.
243 </para>
244
245 </sect2>
246
247 <sect2 role="configuration">
248 <title>Configuring Cyrus SASL</title>
249
250 <sect3 id="cyrus-sasl-config">
251 <title>Config Files</title>
252
253 <para>
254 <filename>/etc/saslauthd.conf</filename>
255 (for <command>saslauthd</command> LDAP configuration) and
256 <filename>/etc/sasl2/Appname.conf</filename>
257 (where "Appname" is the application defined name of the application)
258 </para>
259
260 <indexterm zone="cyrus-sasl cyrus-sasl-config">
261 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
262 </indexterm>
263
264 </sect3>
265
266 <sect3>
267 <title>Configuration Information</title>
268
269 <para>
270 See
271 <ulink url="https://www.cyrusimap.org/sasl/sasl/sysadmin.html"/>
272 for information on what to include in the application configuration files.
273 </para>
274
275 <para>
276 See
277 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
278 for configuring <command>saslauthd</command> with
279 <application>OpenLDAP</application>.
280 </para>
281
282 <para>
283 See
284 <ulink url="https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi"/>
285 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
286 </para>
287
288 </sect3>
289
290 <sect3 id="cyrus-sasl-init">
291 <title><phrase revision="sysv">Init Script</phrase>
292 <phrase revision="systemd">Systemd Unit</phrase></title>
293
294 <para revision="sysv">
295 If you need to run the <command>saslauthd</command> daemon at system
296 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
297 init script included in the
298 <xref linkend="bootscripts"/> package using the following command:
299 </para>
300
301 <para revision="systemd">
302 If you need to run the <command>saslauthd</command> daemon at system
303 startup, install the <filename>saslauthd.service</filename> unit
304 included in the <xref linkend="systemd-units"/> package using the
305 following command:
306 </para>
307
308 <indexterm zone="cyrus-sasl cyrus-sasl-init">
309 <primary sortas="f-saslauthd">saslauthd</primary>
310 </indexterm>
311
312<screen role="root"><userinput>make install-saslauthd</userinput></screen>
313
314 <note>
315 <para>
316 You'll need to modify
317 <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
318 <filename revision="systemd">/etc/default/saslauthd</filename>
319 and modify the
320 <option revision="sysv">AUTHMECH</option>
321 <option revision="systemd">MECHANISM</option>
322 parameter with your desired authentication mechanism.
323 <phrase revision="systemd">The default authentication
324 mechanism is "shadow".</phrase>
325 </para>
326 </note>
327
328 </sect3>
329
330 </sect2>
331
332 <sect2 role="content">
333 <title>Contents</title>
334
335 <segmentedlist>
336 <segtitle>Installed Programs</segtitle>
337 <segtitle>Installed Library</segtitle>
338 <segtitle>Installed Directories</segtitle>
339
340 <seglistitem>
341 <seg>
342 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
343 testsaslauthd
344 </seg>
345 <seg>
346 libsasl2.so
347 </seg>
348 <seg>
349 /usr/include/sasl,
350 /usr/lib/sasl2,
351 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
352 /var/lib/sasl
353 </seg>
354 </seglistitem>
355 </segmentedlist>
356
357 <variablelist>
358 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
359 <?dbfo list-presentation="list"?>
360 <?dbhtml list-presentation="table"?>
361
362 <varlistentry id="pluginviewer">
363 <term><command>pluginviewer</command></term>
364 <listitem>
365 <para>
366 is used to list loadable SASL plugins and their properties
367 </para>
368 <indexterm zone="cyrus-sasl pluginviewer">
369 <primary sortas="b-pluginviewer">pluginviewer</primary>
370 </indexterm>
371 </listitem>
372 </varlistentry>
373
374 <varlistentry id="saslauthd">
375 <term><command>saslauthd</command></term>
376 <listitem>
377 <para>
378 is the SASL authentication server
379 </para>
380 <indexterm zone="cyrus-sasl saslauthd">
381 <primary sortas="b-saslauthd">saslauthd</primary>
382 </indexterm>
383 </listitem>
384 </varlistentry>
385
386 <varlistentry id="sasldblistusers2">
387 <term><command>sasldblistusers2</command></term>
388 <listitem>
389 <para>
390 is used to list the users in the SASL password database
391 <filename>sasldb2</filename>
392 </para>
393 <indexterm zone="cyrus-sasl sasldblistusers2">
394 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
395 </indexterm>
396 </listitem>
397 </varlistentry>
398
399 <varlistentry id="saslpasswd2">
400 <term><command>saslpasswd2</command></term>
401 <listitem>
402 <para>
403 is used to set and delete a user's SASL password and
404 mechanism specific secrets in the SASL password
405 database <filename>sasldb2</filename>
406 </para>
407 <indexterm zone="cyrus-sasl saslpasswd2">
408 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
409 </indexterm>
410 </listitem>
411 </varlistentry>
412
413 <varlistentry id="testsaslauthd">
414 <term><command>testsaslauthd</command></term>
415 <listitem>
416 <para>
417 is a test utility for the SASL authentication server
418 </para>
419 <indexterm zone="cyrus-sasl testsaslauthd">
420 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
421 </indexterm>
422 </listitem>
423 </varlistentry>
424
425 <varlistentry id="libsasl2">
426 <term><filename class="libraryfile">libsasl2.so</filename></term>
427 <listitem>
428 <para>
429 is a general purpose authentication library for server
430 and client applications
431 </para>
432 <indexterm zone="cyrus-sasl libsasl2">
433 <primary sortas="c-libsasl2">libsasl2.so</primary>
434 </indexterm>
435 </listitem>
436 </varlistentry>
437
438 </variablelist>
439
440 </sect2>
441
442</sect1>
Note: See TracBrowser for help on using the repository browser.