source: postlfs/security/cyrus-sasl.xml@ a5ce76f

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since a5ce76f was a5ce76f, checked in by Krejzi <krejzi@…>, 11 years ago

Minor fixes to the bootscripts and cyrus sasl options.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@11286 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 12.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http " ">
8 <!ENTITY cyrus-sasl-download-ftp "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
9 <!ENTITY cyrus-sasl-md5sum "a7f4e5e559a0e37b3ffc438c9456e425">
10 <!ENTITY cyrus-sasl-size "5.0 MB">
11 <!ENTITY cyrus-sasl-buildsize "30 MB">
12 <!ENTITY cyrus-sasl-time "0.5 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Cyrus SASL-&cyrus-sasl-version;</title>
24
25 <indexterm zone="cyrus-sasl">
26 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Cyrus SASL</title>
31
32 <para>
33 The <application>Cyrus SASL</application> package contains a Simple
34 Authentication and Security Layer, a method for adding authentication
35 support to connection-based protocols. To use SASL, a protocol includes
36 a command for identifying and authenticating a user to a server and for
37 optionally negotiating protection of subsequent protocol interactions.
38 If its use is negotiated, a security layer is inserted between the
39 protocol and the connection.
40 </para>
41
42 &lfs73_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download MD5 sum: &cyrus-sasl-md5sum;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &cyrus-sasl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &cyrus-sasl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &cyrus-sasl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-1.patch"/>
84 </para>
85 </listitem>
86 </itemizedlist>
87
88 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
89
90 <bridgehead renderas="sect4">Required</bridgehead>
91 <para role="required">
92 <xref linkend="openssl"/>
93 </para>
94
95 <bridgehead renderas="sect4">Recommended</bridgehead>
96 <para role="recommended">
97 <xref linkend="db"/>
98 </para>
99
100 <bridgehead renderas="sect4">Optional</bridgehead>
101 <para role="optional">
102 <xref linkend="linux-pam"/>,
103 <xref linkend="mitkrb"/>,
104 <xref linkend="mysql"/>,
105 <xref linkend="openjdk"/>,
106 <xref linkend="openldap"/>,
107 <xref linkend="postgresql"/>,
108 <xref linkend="sqlite"/>,
109 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink> and
110 <ulink url="http://dmalloc.com/">Dmalloc</ulink>
111 </para>
112
113 <para condition="html" role="usernotes">User Notes:
114 <ulink url="&blfs-wiki;/cyrus-sasl"/>
115 </para>
116 </sect2>
117
118 <sect2 role="installation">
119 <title>Installation of Cyrus SASL</title>
120
121 <para>
122 Install <application>Cyrus SASL</application> by
123 running the following commands:
124 </para>
125
126<screen><userinput>patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-fixes-1.patch &amp;&amp;
127autoreconf -fi &amp;&amp;
128pushd saslauthd
129autoreconf -fi &amp;&amp;
130popd
131./configure --prefix=/usr \
132 --sysconfdir=/etc \
133 --with-dbpath=/var/lib/sasl/sasldb2 \
134 --with-saslauthd=/var/run/saslauthd \
135 --enable-auth-sasldb &amp;&amp;
136make</userinput></screen>
137
138 <para>
139 This package does not come with a test suite. If you are planning
140 on using the GSSAPI authentication mechanism, it is recommended to test
141 it after installing the package using the sample server and client
142 programs which were built in the preceding step. Instructions for
143 performing the tests can be found at
144 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
145 </para>
146
147 <para>
148 Now, as the <systemitem class="username">root</systemitem> user:
149 </para>
150
151<screen role="root"><userinput>make install &amp;&amp;
152install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
153install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
154 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
155install -v -dm700 /var/lib/sasl</userinput></screen>
156
157 </sect2>
158
159 <sect2 role="commands">
160 <title>Command Explanations</title>
161
162 <para>
163 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
164 switch forces the <command>sasldb</command> database to be created
165 in <filename class="directory">/var/lib/sasl</filename> instead of
166 <filename class="directory">/etc</filename>.
167 </para>
168
169 <para>
170 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
171 switch forces <command>saslauthd</command> to use the FHS compliant
172 directory <filename class="directory">/var/run/saslauthd</filename>
173 for variable run-time data.
174 </para>
175
176 <para>
177 <parameter>--enable-auth-sasldb</parameter>: This switch enables
178 SASLDB authentication backend.
179 </para>
180
181 <para>
182 <parameter>--with-dblib=gdbm</parameter>: This switch forces
183 <application>GDBM</application> to be used instead of
184 <application>Berkeley DB</application>.
185 </para>
186
187 <para>
188 <option>--with-ldap</option>: This switch enables the
189 <application>OpenLDAP</application> support.
190 </para>
191
192 <para>
193 <option>--enable-ldapdb</option>: This switch enables the
194 LDAPDB authentication backend. There is a circular dependency with this
195 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
196 this problem.
197 </para>
198
199 <para>
200 <option>--enable-java</option>: This switch enables compiling of the
201 <application>Java</application> support libraries.
202 </para>
203
204 <para>
205 <option>--enable-login</option>: This option enables unsupported
206 LOGIN authentication.
207 </para>
208
209 <para>
210 <option>--enable-ntlm</option>: This option enables unsupported
211 NTLM authentication.
212 </para>
213
214 <para>
215 <command>install -v -m644 ...</command>: These commands
216 install documentation which is not installed by the
217 <command>make install</command> command.
218 </para>
219
220 <para>
221 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
222 must exist when starting <command>saslauthd</command> or using the
223 sasldb plugin. If you're not going to be running the daemon or
224 using the plugins, you may omit the creation of this directory.
225 </para>
226
227 </sect2>
228
229 <sect2 role="configuration">
230 <title>Configuring Cyrus SASL</title>
231
232 <sect3 id="cyrus-sasl-config">
233 <title>Config Files</title>
234
235 <para>
236 <filename>/etc/saslauthd.conf</filename>
237 (for <command>saslauthd</command> LDAP configuration) and
238 <filename>/etc/sasl2/Appname.conf</filename>
239 (where "Appname" is the application defined name of the application)
240 </para>
241
242 <indexterm zone="cyrus-sasl cyrus-sasl-config">
243 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
244 </indexterm>
245
246 </sect3>
247
248 <sect3>
249 <title>Configuration Information</title>
250
251 <para>
252 See
253 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
254 for information on what to include in the application configuration files.
255 </para>
256
257 <para>
258 See
259 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
260 for configuring <command>saslauthd</command> with
261 <application>OpenLDAP</application>.
262 </para>
263
264 <para>
265 See
266 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
267 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
268 </para>
269
270 </sect3>
271
272 <sect3 id="cyrus-sasl-init">
273 <title>Init Script</title>
274
275 <para>
276 If you need to run the <command>saslauthd</command> daemon at system
277 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
278 init script included in the <xref linkend="bootscripts"/>
279 package using the following command:
280 </para>
281
282 <indexterm zone="cyrus-sasl cyrus-sasl-init">
283 <primary sortas="f-saslauthd">saslauthd</primary>
284 </indexterm>
285
286<screen role="root"><userinput>make install-saslauthd</userinput></screen>
287
288 <note>
289 <para>
290 You'll need to modify /etc/sysconfig/saslauthd and replace the
291 <option><replaceable>AUTHMECH</replaceable></option> parameter
292 with your desired authentication mechanism.
293 </para>
294 </note>
295
296 </sect3>
297
298 </sect2>
299
300 <sect2 role="content">
301 <title>Contents</title>
302
303 <segmentedlist>
304 <segtitle>Installed Programs</segtitle>
305 <segtitle>Installed Library</segtitle>
306 <segtitle>Installed Directories</segtitle>
307
308 <seglistitem>
309 <seg>
310 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
311 testsaslauthd
312 </seg>
313 <seg>
314 libsasl2.so
315 </seg>
316 <seg>
317 /usr/include/sasl,
318 /usr/lib/sasl2,
319 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
320 /var/lib/sasl
321 </seg>
322 </seglistitem>
323 </segmentedlist>
324
325 <variablelist>
326 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
327 <?dbfo list-presentation="list"?>
328 <?dbhtml list-presentation="table"?>
329
330 <varlistentry id="pluginviewer">
331 <term><command>pluginviewer</command></term>
332 <listitem>
333 <para>
334 is used to list loadable SASL plugins and their properties.
335 </para>
336 <indexterm zone="cyrus-sasl pluginviewer">
337 <primary sortas="b-pluginviewer">pluginviewer</primary>
338 </indexterm>
339 </listitem>
340 </varlistentry>
341
342 <varlistentry id="saslauthd">
343 <term><command>saslauthd</command></term>
344 <listitem>
345 <para>
346 is the SASL authentication server.
347 </para>
348 <indexterm zone="cyrus-sasl saslauthd">
349 <primary sortas="b-saslauthd">saslauthd</primary>
350 </indexterm>
351 </listitem>
352 </varlistentry>
353
354 <varlistentry id="sasldblistusers2">
355 <term><command>sasldblistusers2</command></term>
356 <listitem>
357 <para>
358 is used to list the users in the SASL password database
359 <filename>sasldb2</filename>.
360 </para>
361 <indexterm zone="cyrus-sasl sasldblistusers2">
362 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
363 </indexterm>
364 </listitem>
365 </varlistentry>
366
367 <varlistentry id="saslpasswd2">
368 <term><command>saslpasswd2</command></term>
369 <listitem>
370 <para>
371 is used to set and delete a user's SASL password and
372 mechanism specific secrets in the SASL password
373 database <filename>sasldb2</filename>.
374 </para>
375 <indexterm zone="cyrus-sasl saslpasswd2">
376 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
377 </indexterm>
378 </listitem>
379 </varlistentry>
380
381 <varlistentry id="testsaslauthd">
382 <term><command>testsaslauthd</command></term>
383 <listitem>
384 <para>
385 is a test utility for the SASL authentication server.
386 </para>
387 <indexterm zone="cyrus-sasl testsaslauthd">
388 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
389 </indexterm>
390 </listitem>
391 </varlistentry>
392
393 <varlistentry id="libsasl2">
394 <term><filename class="libraryfile">libsasl2.so</filename></term>
395 <listitem>
396 <para>
397 is a general purpose authentication library for server
398 and client applications.
399 </para>
400 <indexterm zone="cyrus-sasl libsasl2">
401 <primary sortas="c-libsasl2">libsasl2.so</primary>
402 </indexterm>
403 </listitem>
404 </varlistentry>
405
406 </variablelist>
407
408 </sect2>
409
410</sect1>
Note: See TracBrowser for help on using the repository browser.