source: postlfs/security/cyrus-sasl.xml@ 49a84b8

10.0 10.1 11.0 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind ken/refactor-virt lazarus perl-modules qt5new trunk upgradedb xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 49a84b8 was 49a84b8, checked in by Bruce Dubbs <bdubbs@…>, 3 years ago

Update to mariadb-10.3.9.
Update to Archive-Zip-1.62 (Perl Module).
Archive lxqt
Tags

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20345 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 13.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http "https://www.cyrusimap.org/releases/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
8 <!ENTITY cyrus-sasl-download-ftp " ">
9 <!ENTITY cyrus-sasl-md5sum "a7f4e5e559a0e37b3ffc438c9456e425">
10 <!ENTITY cyrus-sasl-size "5.0 MB">
11 <!ENTITY cyrus-sasl-buildsize "30 MB">
12 <!ENTITY cyrus-sasl-time "0.5 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Cyrus SASL-&cyrus-sasl-version;</title>
24
25 <indexterm zone="cyrus-sasl">
26 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Cyrus SASL</title>
31
32 <para>
33 The <application>Cyrus SASL</application> package contains a Simple
34 Authentication and Security Layer, a method for adding authentication
35 support to connection-based protocols. To use SASL, a protocol includes
36 a command for identifying and authenticating a user to a server and for
37 optionally negotiating protection of subsequent protocol interactions.
38 If its use is negotiated, a security layer is inserted between the
39 protocol and the connection.
40 </para>
41
42 &lfs83_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download MD5 sum: &cyrus-sasl-md5sum;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &cyrus-sasl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &cyrus-sasl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &cyrus-sasl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch"/>
84 </para>
85 </listitem>
86 <listitem>
87 <para>
88 Required patch:
89 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
90 </para>
91 </listitem>
92 </itemizedlist>
93
94 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
95<!--
96 <bridgehead renderas="sect4">Required</bridgehead>
97 <para role="required">
98 <xref linkend="openssl"/>
99 </para>
100-->
101 <bridgehead renderas="sect4">Recommended</bridgehead>
102 <para role="recommended">
103 <xref linkend="db"/>
104 </para>
105
106 <bridgehead renderas="sect4">Optional</bridgehead>
107 <para role="optional">
108 <xref linkend="linux-pam"/>,
109 <xref linkend="mitkrb"/>,
110 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
111 <xref linkend="openjdk"/>,
112 <xref linkend="openldap"/>,
113 <xref linkend="postgresql"/>,
114 <xref linkend="sqlite"/>,
115 <ulink url="ftp://ftp.pdc.kth.se/pub/krb/src/">krb4</ulink> and
116 <ulink url="http://dmalloc.com/">Dmalloc</ulink>
117 </para>
118
119 <para condition="html" role="usernotes">User Notes:
120 <ulink url="&blfs-wiki;/cyrus-sasl"/>
121 </para>
122 </sect2>
123
124 <sect2 role="installation">
125 <title>Installation of Cyrus SASL</title>
126
127 <note>
128 <para>
129 This package does not support parallel build.
130 </para>
131 </note>
132
133 <para>
134 Install <application>Cyrus SASL</application> by
135 running the following commands:
136 </para>
137
138<screen><userinput>patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch &amp;&amp;
139patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch &amp;&amp;
140autoreconf -fi &amp;&amp;
141
142./configure --prefix=/usr \
143 --sysconfdir=/etc \
144 --enable-auth-sasldb \
145 --with-dbpath=/var/lib/sasl/sasldb2 \
146 --with-saslauthd=/var/run/saslauthd &amp;&amp;
147make -j1</userinput></screen>
148
149 <para>
150 This package does not come with a test suite. If you are planning
151 on using the GSSAPI authentication mechanism, it is recommended to test
152 it after installing the package using the sample server and client
153 programs which were built in the preceding step. Instructions for
154 performing the tests can be found at
155 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
156 </para>
157
158 <para>
159 Now, as the <systemitem class="username">root</systemitem> user:
160 </para>
161
162<screen role="root"><userinput>make install &amp;&amp;
163install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
164install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
165 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
166install -v -dm700 /var/lib/sasl</userinput></screen>
167
168 </sect2>
169
170 <sect2 role="commands">
171 <title>Command Explanations</title>
172
173 <para>
174 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
175 switch forces the <command>sasldb</command> database to be created
176 in <filename class="directory">/var/lib/sasl</filename> instead of
177 <filename class="directory">/etc</filename>.
178 </para>
179
180 <para>
181 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
182 switch forces <command>saslauthd</command> to use the FHS compliant
183 directory <filename class="directory">/var/run/saslauthd</filename>
184 for variable run-time data.
185 </para>
186
187 <para>
188 <parameter>--enable-auth-sasldb</parameter>: This switch enables
189 SASLDB authentication backend.
190 </para>
191
192 <para>
193 <option>--with-dblib=gdbm</option>: This switch forces
194 <application>GDBM</application> to be used instead of
195 <application>Berkeley DB</application>.
196 </para>
197
198 <para>
199 <option>--with-ldap</option>: This switch enables the
200 <application>OpenLDAP</application> support.
201 </para>
202
203 <para>
204 <option>--enable-ldapdb</option>: This switch enables the
205 LDAPDB authentication backend. There is a circular dependency with this
206 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
207 this problem.
208 </para>
209
210 <para>
211 <option>--enable-java</option>: This switch enables compiling of the
212 <application>Java</application> support libraries.
213 </para>
214
215 <para>
216 <option>--enable-login</option>: This option enables unsupported
217 LOGIN authentication.
218 </para>
219
220 <para>
221 <option>--enable-ntlm</option>: This option enables unsupported
222 NTLM authentication.
223 </para>
224
225 <para>
226 <command>install -v -m644 ...</command>: These commands
227 install documentation which is not installed by the
228 <command>make install</command> command.
229 </para>
230
231 <para>
232 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
233 must exist when starting <command>saslauthd</command> or using the
234 sasldb plugin. If you're not going to be running the daemon or
235 using the plugins, you may omit the creation of this directory.
236 </para>
237
238 </sect2>
239
240 <sect2 role="configuration">
241 <title>Configuring Cyrus SASL</title>
242
243 <sect3 id="cyrus-sasl-config">
244 <title>Config Files</title>
245
246 <para>
247 <filename>/etc/saslauthd.conf</filename>
248 (for <command>saslauthd</command> LDAP configuration) and
249 <filename>/etc/sasl2/Appname.conf</filename>
250 (where "Appname" is the application defined name of the application)
251 </para>
252
253 <indexterm zone="cyrus-sasl cyrus-sasl-config">
254 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
255 </indexterm>
256
257 </sect3>
258
259 <sect3>
260 <title>Configuration Information</title>
261
262 <para>
263 See
264 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
265 for information on what to include in the application configuration files.
266 </para>
267
268 <para>
269 See
270 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
271 for configuring <command>saslauthd</command> with
272 <application>OpenLDAP</application>.
273 </para>
274
275 <para>
276 See
277 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
278 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
279 </para>
280
281 </sect3>
282
283 <sect3 id="cyrus-sasl-init">
284 <title><phrase revision="sysv">Init Script</phrase>
285 <phrase revision="systemd">Systemd Unit</phrase></title>
286
287 <para revision="sysv">
288 If you need to run the <command>saslauthd</command> daemon at system
289 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
290 init script included in the
291 <xref linkend="bootscripts"/> package using the following command:
292 </para>
293
294 <para revision="systemd">
295 If you need to run the <command>saslauthd</command> daemon at system
296 startup, install the <filename>saslauthd.service</filename> unit
297 included in the <xref linkend="systemd-units"/> package using the
298 following command:
299 </para>
300
301 <indexterm zone="cyrus-sasl cyrus-sasl-init">
302 <primary sortas="f-saslauthd">saslauthd</primary>
303 </indexterm>
304
305<screen role="root"><userinput>make install-saslauthd</userinput></screen>
306
307 <note>
308 <para>
309 You'll need to modify
310 <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
311 <filename revision="systemd">/etc/default/saslauthd</filename>
312 and modify the
313 <option revision="sysv">AUTHMECH</option>
314 <option revision="systemd">MECHANISM</option>
315 parameter with your desired authentication mechanism.
316 </para>
317 </note>
318
319 </sect3>
320
321 </sect2>
322
323 <sect2 role="content">
324 <title>Contents</title>
325
326 <segmentedlist>
327 <segtitle>Installed Programs</segtitle>
328 <segtitle>Installed Library</segtitle>
329 <segtitle>Installed Directories</segtitle>
330
331 <seglistitem>
332 <seg>
333 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
334 testsaslauthd
335 </seg>
336 <seg>
337 libsasl2.so
338 </seg>
339 <seg>
340 /usr/include/sasl,
341 /usr/lib/sasl2,
342 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
343 /var/lib/sasl
344 </seg>
345 </seglistitem>
346 </segmentedlist>
347
348 <variablelist>
349 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
350 <?dbfo list-presentation="list"?>
351 <?dbhtml list-presentation="table"?>
352
353 <varlistentry id="pluginviewer">
354 <term><command>pluginviewer</command></term>
355 <listitem>
356 <para>
357 is used to list loadable SASL plugins and their properties.
358 </para>
359 <indexterm zone="cyrus-sasl pluginviewer">
360 <primary sortas="b-pluginviewer">pluginviewer</primary>
361 </indexterm>
362 </listitem>
363 </varlistentry>
364
365 <varlistentry id="saslauthd">
366 <term><command>saslauthd</command></term>
367 <listitem>
368 <para>
369 is the SASL authentication server.
370 </para>
371 <indexterm zone="cyrus-sasl saslauthd">
372 <primary sortas="b-saslauthd">saslauthd</primary>
373 </indexterm>
374 </listitem>
375 </varlistentry>
376
377 <varlistentry id="sasldblistusers2">
378 <term><command>sasldblistusers2</command></term>
379 <listitem>
380 <para>
381 is used to list the users in the SASL password database
382 <filename>sasldb2</filename>.
383 </para>
384 <indexterm zone="cyrus-sasl sasldblistusers2">
385 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
386 </indexterm>
387 </listitem>
388 </varlistentry>
389
390 <varlistentry id="saslpasswd2">
391 <term><command>saslpasswd2</command></term>
392 <listitem>
393 <para>
394 is used to set and delete a user's SASL password and
395 mechanism specific secrets in the SASL password
396 database <filename>sasldb2</filename>.
397 </para>
398 <indexterm zone="cyrus-sasl saslpasswd2">
399 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
400 </indexterm>
401 </listitem>
402 </varlistentry>
403
404 <varlistentry id="testsaslauthd">
405 <term><command>testsaslauthd</command></term>
406 <listitem>
407 <para>
408 is a test utility for the SASL authentication server.
409 </para>
410 <indexterm zone="cyrus-sasl testsaslauthd">
411 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
412 </indexterm>
413 </listitem>
414 </varlistentry>
415
416 <varlistentry id="libsasl2">
417 <term><filename class="libraryfile">libsasl2.so</filename></term>
418 <listitem>
419 <para>
420 is a general purpose authentication library for server
421 and client applications.
422 </para>
423 <indexterm zone="cyrus-sasl libsasl2">
424 <primary sortas="c-libsasl2">libsasl2.so</primary>
425 </indexterm>
426 </listitem>
427 </varlistentry>
428
429 </variablelist>
430
431 </sect2>
432
433</sect1>
Note: See TracBrowser for help on using the repository browser.