source: postlfs/security/cyrus-sasl.xml@ beb65db

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since beb65db was beb65db, checked in by Douglas R. Reno <renodr@…>, 7 years ago

Tags, Tags, the final round of my tags for the night!

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@18312 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 13.2 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http " ">
8 <!ENTITY cyrus-sasl-download-ftp "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
9 <!ENTITY cyrus-sasl-md5sum "a7f4e5e559a0e37b3ffc438c9456e425">
10 <!ENTITY cyrus-sasl-size "5.0 MB">
11 <!ENTITY cyrus-sasl-buildsize "30 MB">
12 <!ENTITY cyrus-sasl-time "0.5 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Cyrus SASL-&cyrus-sasl-version;</title>
24
25 <indexterm zone="cyrus-sasl">
26 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Cyrus SASL</title>
31
32 <para>
33 The <application>Cyrus SASL</application> package contains a Simple
34 Authentication and Security Layer, a method for adding authentication
35 support to connection-based protocols. To use SASL, a protocol includes
36 a command for identifying and authenticating a user to a server and for
37 optionally negotiating protection of subsequent protocol interactions.
38 If its use is negotiated, a security layer is inserted between the
39 protocol and the connection.
40 </para>
41
42 &lfs80_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download MD5 sum: &cyrus-sasl-md5sum;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &cyrus-sasl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &cyrus-sasl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &cyrus-sasl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch"/>
84 </para>
85 </listitem>
86 </itemizedlist>
87
88 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
89
90 <bridgehead renderas="sect4">Required</bridgehead>
91 <para role="required">
92 <xref linkend="openssl"/>
93 </para>
94
95 <bridgehead renderas="sect4">Recommended</bridgehead>
96 <para role="recommended">
97 <xref linkend="db"/>
98 </para>
99
100 <bridgehead renderas="sect4">Optional</bridgehead>
101 <para role="optional">
102 <xref linkend="linux-pam"/>,
103 <xref linkend="mitkrb"/>,
104 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
105 <xref linkend="openjdk"/>,
106 <xref linkend="openldap"/>,
107 <xref linkend="postgresql"/>,
108 <xref linkend="sqlite"/>,
109 <ulink url="ftp://ftp.pdc.kth.se/pub/krb/src/">krb4</ulink> and
110 <ulink url="http://dmalloc.com/">Dmalloc</ulink>
111 </para>
112
113 <para condition="html" role="usernotes">User Notes:
114 <ulink url="&blfs-wiki;/cyrus-sasl"/>
115 </para>
116 </sect2>
117
118 <sect2 role="installation">
119 <title>Installation of Cyrus SASL</title>
120
121 <para>
122 Install <application>Cyrus SASL</application> by
123 running the following commands:
124 </para>
125
126<screen><userinput>patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch &amp;&amp;
127autoreconf -fi &amp;&amp;
128
129./configure --prefix=/usr \
130 --sysconfdir=/etc \
131 --enable-auth-sasldb \
132 --with-dbpath=/var/lib/sasl/sasldb2 \
133 --with-saslauthd=/var/run/saslauthd &amp;&amp;
134make</userinput></screen>
135
136 <para>
137 This package does not come with a test suite. If you are planning
138 on using the GSSAPI authentication mechanism, it is recommended to test
139 it after installing the package using the sample server and client
140 programs which were built in the preceding step. Instructions for
141 performing the tests can be found at
142 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
143 </para>
144
145 <para>
146 Now, as the <systemitem class="username">root</systemitem> user:
147 </para>
148
149<screen role="root"><userinput>make install &amp;&amp;
150install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
151install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
152 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
153install -v -dm700 /var/lib/sasl</userinput></screen>
154
155 </sect2>
156
157 <sect2 role="commands">
158 <title>Command Explanations</title>
159
160 <para>
161 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
162 switch forces the <command>sasldb</command> database to be created
163 in <filename class="directory">/var/lib/sasl</filename> instead of
164 <filename class="directory">/etc</filename>.
165 </para>
166
167 <para>
168 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
169 switch forces <command>saslauthd</command> to use the FHS compliant
170 directory <filename class="directory">/var/run/saslauthd</filename>
171 for variable run-time data.
172 </para>
173
174 <para>
175 <parameter>--enable-auth-sasldb</parameter>: This switch enables
176 SASLDB authentication backend.
177 </para>
178
179 <para>
180 <option>--with-dblib=gdbm</option>: This switch forces
181 <application>GDBM</application> to be used instead of
182 <application>Berkeley DB</application>.
183 </para>
184
185 <para>
186 <option>--with-ldap</option>: This switch enables the
187 <application>OpenLDAP</application> support.
188 </para>
189
190 <para>
191 <option>--enable-ldapdb</option>: This switch enables the
192 LDAPDB authentication backend. There is a circular dependency with this
193 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
194 this problem.
195 </para>
196
197 <para>
198 <option>--enable-java</option>: This switch enables compiling of the
199 <application>Java</application> support libraries.
200 </para>
201
202 <para>
203 <option>--enable-login</option>: This option enables unsupported
204 LOGIN authentication.
205 </para>
206
207 <para>
208 <option>--enable-ntlm</option>: This option enables unsupported
209 NTLM authentication.
210 </para>
211
212 <para>
213 <command>install -v -m644 ...</command>: These commands
214 install documentation which is not installed by the
215 <command>make install</command> command.
216 </para>
217
218 <para>
219 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
220 must exist when starting <command>saslauthd</command> or using the
221 sasldb plugin. If you're not going to be running the daemon or
222 using the plugins, you may omit the creation of this directory.
223 </para>
224
225 </sect2>
226
227 <sect2 role="configuration">
228 <title>Configuring Cyrus SASL</title>
229
230 <sect3 id="cyrus-sasl-config">
231 <title>Config Files</title>
232
233 <para>
234 <filename>/etc/saslauthd.conf</filename>
235 (for <command>saslauthd</command> LDAP configuration) and
236 <filename>/etc/sasl2/Appname.conf</filename>
237 (where "Appname" is the application defined name of the application)
238 </para>
239
240 <indexterm zone="cyrus-sasl cyrus-sasl-config">
241 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
242 </indexterm>
243
244 </sect3>
245
246 <sect3>
247 <title>Configuration Information</title>
248
249 <para>
250 See
251 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
252 for information on what to include in the application configuration files.
253 </para>
254
255 <para>
256 See
257 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
258 for configuring <command>saslauthd</command> with
259 <application>OpenLDAP</application>.
260 </para>
261
262 <para>
263 See
264 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
265 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
266 </para>
267
268 </sect3>
269
270 <sect3 id="cyrus-sasl-init">
271 <title><phrase revision="sysv">Init Script</phrase>
272 <phrase revision="systemd">Systemd Unit</phrase></title>
273
274 <para revision="sysv">
275 If you need to run the <command>saslauthd</command> daemon at system
276 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
277 init script included in the
278 <xref linkend="bootscripts"/> package using the following command:
279 </para>
280
281 <para revision="systemd">
282 If you need to run the <command>saslauthd</command> daemon at system
283 startup, install the <filename>saslauthd.service</filename> unit
284 included in the <xref linkend="systemd-units"/> package using the
285 following command:
286 </para>
287
288 <indexterm zone="cyrus-sasl cyrus-sasl-init">
289 <primary sortas="f-saslauthd">saslauthd</primary>
290 </indexterm>
291
292<screen role="root"><userinput>make install-saslauthd</userinput></screen>
293
294 <note>
295 <para>
296 You'll need to modify
297 <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
298 <filename revision="systemd">/etc/default/saslauthd</filename>
299 and modify the
300 <option revision="sysv">AUTHMECH</option>
301 <option revision="systemd">MECHANISM</option>
302 parameter with your desired authentication mechanism.
303 </para>
304 </note>
305
306 </sect3>
307
308 </sect2>
309
310 <sect2 role="content">
311 <title>Contents</title>
312
313 <segmentedlist>
314 <segtitle>Installed Programs</segtitle>
315 <segtitle>Installed Library</segtitle>
316 <segtitle>Installed Directories</segtitle>
317
318 <seglistitem>
319 <seg>
320 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
321 testsaslauthd
322 </seg>
323 <seg>
324 libsasl2.so
325 </seg>
326 <seg>
327 /usr/include/sasl,
328 /usr/lib/sasl2,
329 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
330 /var/lib/sasl
331 </seg>
332 </seglistitem>
333 </segmentedlist>
334
335 <variablelist>
336 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
337 <?dbfo list-presentation="list"?>
338 <?dbhtml list-presentation="table"?>
339
340 <varlistentry id="pluginviewer">
341 <term><command>pluginviewer</command></term>
342 <listitem>
343 <para>
344 is used to list loadable SASL plugins and their properties.
345 </para>
346 <indexterm zone="cyrus-sasl pluginviewer">
347 <primary sortas="b-pluginviewer">pluginviewer</primary>
348 </indexterm>
349 </listitem>
350 </varlistentry>
351
352 <varlistentry id="saslauthd">
353 <term><command>saslauthd</command></term>
354 <listitem>
355 <para>
356 is the SASL authentication server.
357 </para>
358 <indexterm zone="cyrus-sasl saslauthd">
359 <primary sortas="b-saslauthd">saslauthd</primary>
360 </indexterm>
361 </listitem>
362 </varlistentry>
363
364 <varlistentry id="sasldblistusers2">
365 <term><command>sasldblistusers2</command></term>
366 <listitem>
367 <para>
368 is used to list the users in the SASL password database
369 <filename>sasldb2</filename>.
370 </para>
371 <indexterm zone="cyrus-sasl sasldblistusers2">
372 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
373 </indexterm>
374 </listitem>
375 </varlistentry>
376
377 <varlistentry id="saslpasswd2">
378 <term><command>saslpasswd2</command></term>
379 <listitem>
380 <para>
381 is used to set and delete a user's SASL password and
382 mechanism specific secrets in the SASL password
383 database <filename>sasldb2</filename>.
384 </para>
385 <indexterm zone="cyrus-sasl saslpasswd2">
386 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
387 </indexterm>
388 </listitem>
389 </varlistentry>
390
391 <varlistentry id="testsaslauthd">
392 <term><command>testsaslauthd</command></term>
393 <listitem>
394 <para>
395 is a test utility for the SASL authentication server.
396 </para>
397 <indexterm zone="cyrus-sasl testsaslauthd">
398 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
399 </indexterm>
400 </listitem>
401 </varlistentry>
402
403 <varlistentry id="libsasl2">
404 <term><filename class="libraryfile">libsasl2.so</filename></term>
405 <listitem>
406 <para>
407 is a general purpose authentication library for server
408 and client applications.
409 </para>
410 <indexterm zone="cyrus-sasl libsasl2">
411 <primary sortas="c-libsasl2">libsasl2.so</primary>
412 </indexterm>
413 </listitem>
414 </varlistentry>
415
416 </variablelist>
417
418 </sect2>
419
420</sect1>
Note: See TracBrowser for help on using the repository browser.