source: postlfs/security/cyrus-sasl.xml@ cf1522e5

Last change on this file since cf1522e5 was 6fef3c9, checked in by Douglas R. Reno <renodr@…>, 5 years ago

cyrus-sasl: On systemd, clarify what the default authentication mechanism is set to.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22217 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
  <!ENTITY cyrus-sasl-download-ftp " ">
  <!ENTITY cyrus-sasl-md5sum "a33820c66e0622222c5aefafa1581083">
  <!ENTITY cyrus-sasl-size "3.9 MB">
  <!ENTITY cyrus-sasl-buildsize "26 MB">
  <!ENTITY cyrus-sasl-time "0.1 SBU">
]>

<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
  <?dbhtml filename="cyrus-sasl.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Cyrus SASL-&cyrus-sasl-version;</title>

  <indexterm zone="cyrus-sasl">
    <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Cyrus SASL</title>

    <para>
      The <application>Cyrus SASL</application> package contains a Simple
      Authentication and Security Layer, a method for adding authentication
      support to connection-based protocols. To use SASL, a protocol includes
      a command for identifying and authenticating a user to a server and for
      optionally negotiating protection of subsequent protocol interactions.
      If its use is negotiated, a security layer is inserted between the
      protocol and the connection.
    </para>

    &lfs90_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &cyrus-sasl-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &cyrus-sasl-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &cyrus-sasl-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &cyrus-sasl-time;
        </para>
      </listitem>
    </itemizedlist>
<!-- Not needed at version 2.1.27
    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Required patch:
          <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Required patch:
          <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
        </para>
      </listitem>
    </itemizedlist>
-->
    <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="db"/>
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="linux-pam"/>,
      <xref linkend="mitkrb"/>,
      <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
      <xref linkend="openjdk"/>,
      <xref linkend="openldap"/>,
      <xref linkend="postgresql"/>,
      <xref linkend="sqlite"/>,
      <ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink> and
      <ulink url="http://dmalloc.com/">Dmalloc</ulink>
    </para>

    <para condition="html" role="usernotes">User Notes:
      <ulink url="&blfs-wiki;/cyrus-sasl"/>
    </para>
  </sect2>

  <sect2 role="installation">
    <title>Installation of Cyrus SASL</title>

    <note>
      <para>
        This package does not support parallel build.
      </para>
    </note>

    <para>
      Install <application>Cyrus SASL</application> by
      running the following commands:
    </para>

<screen><userinput>./configure --prefix=/usr \
            --sysconfdir=/etc \
            --enable-auth-sasldb \
            --with-dbpath=/var/lib/sasl/sasldb2 \
            --with-saslauthd=/var/run/saslauthd &amp;&amp;
make -j1</userinput></screen>

    <para>
      This package does not come with a test suite. If you are planning
      on using the GSSAPI authentication mechanism, test
      it after installing the package using the sample server and client
      programs which were built in the preceding step. Instructions for
      performing the tests can be found at
      <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install &amp;&amp;
install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
install -v -dm700 /var/lib/sasl</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
      switch forces the <command>sasldb</command> database to be created
      in <filename class="directory">/var/lib/sasl</filename> instead of
      <filename class="directory">/etc</filename>.
    </para>

    <para>
      <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
      switch forces <command>saslauthd</command> to use the FHS-compliant
      directory <filename class="directory">/var/run/saslauthd</filename>
      for variable run-time data.
    </para>

    <para>
      <parameter>--enable-auth-sasldb</parameter>: This switch enables
      the SASLDB authentication backend.
    </para>

    <para>
      <option>--with-dblib=gdbm</option>: This switch forces
      <application>GDBM</application> to be used instead of
      <application>Berkeley DB</application>.
    </para>

    <para>
      <option>--with-ldap</option>: This switch enables the
      <application>OpenLDAP</application> support.
    </para>

    <para>
      <option>--enable-ldapdb</option>: This switch enables the
      LDAPDB authentication backend. There is a circular dependency with this
      parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
      this problem.
    </para>

    <para>
      <option>--enable-java</option>: This switch enables compiling of the
      <application>Java</application> support libraries.
    </para>

    <para>
      <option>--enable-login</option>: This option enables unsupported
      LOGIN authentication.
    </para>

    <para>
      <option>--enable-ntlm</option>: This option enables unsupported
      NTLM authentication.
    </para>

    <para>
      <command>install -v -m644 ...</command>: These commands
      install documentation which is not installed by the
      <command>make install</command> command.
    </para>

    <para>
      <command>install -v -m700 -d /var/lib/sasl</command>: This directory
      must exist when starting <command>saslauthd</command> or using the
      sasldb plugin. If you're not going to be running the daemon or
      using the plugins, you may omit the creation of this directory.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Cyrus SASL</title>

    <sect3 id="cyrus-sasl-config">
      <title>Config Files</title>

      <para>
        <filename>/etc/saslauthd.conf</filename>
        (for <command>saslauthd</command> LDAP configuration) and
        <filename>/etc/sasl2/Appname.conf</filename>
        (where "Appname" is the application-defined name of the application)
      </para>

      <indexterm zone="cyrus-sasl cyrus-sasl-config">
        <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>
        See
        <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
        for information on what to include in the application configuration files.
      </para>

      <para>
        See
        <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
        for configuring <command>saslauthd</command> with
        <application>OpenLDAP</application>.
      </para>

      <para>
        See
        <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
        for configuring <command>saslauthd</command> with <application>Kerberos</application>.
      </para>

    </sect3>

    <sect3 id="cyrus-sasl-init">
      <title><phrase revision="sysv">Init Script</phrase>
             <phrase revision="systemd">Systemd Unit</phrase></title>

      <para revision="sysv">
        If you need to run the <command>saslauthd</command> daemon at system
        startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
        init script included in the
        <xref linkend="bootscripts"/> package using the following command:
      </para>

      <para revision="systemd">
        If you need to run the <command>saslauthd</command> daemon at system
        startup, install the <filename>saslauthd.service</filename> unit
        included in the <xref linkend="systemd-units"/> package using the
        following command:
      </para>

      <indexterm zone="cyrus-sasl cyrus-sasl-init">
        <primary sortas="f-saslauthd">saslauthd</primary>
      </indexterm>

<screen role="root"><userinput>make install-saslauthd</userinput></screen>

      <note>
        <para>
          You'll need to edit
          <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
          <filename revision="systemd">/etc/default/saslauthd</filename>
          and set the
          <option revision="sysv">AUTHMECH</option>
          <option revision="systemd">MECHANISM</option>
          parameter to your desired authentication mechanism.
          <phrase revision="systemd">The default authentication
          mechanism is "shadow".</phrase>
        </para>
      </note>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Library</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
          testsaslauthd
        </seg>
        <seg>
          libsasl2.so
        </seg>
        <seg>
          /usr/include/sasl,
          /usr/lib/sasl2,
          /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
          /var/lib/sasl
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="pluginviewer">
        <term><command>pluginviewer</command></term>
        <listitem>
          <para>
            is used to list loadable SASL plugins and their properties.
          </para>
          <indexterm zone="cyrus-sasl pluginviewer">
            <primary sortas="b-pluginviewer">pluginviewer</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="saslauthd">
        <term><command>saslauthd</command></term>
        <listitem>
          <para>
            is the SASL authentication server.
          </para>
          <indexterm zone="cyrus-sasl saslauthd">
            <primary sortas="b-saslauthd">saslauthd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="sasldblistusers2">
        <term><command>sasldblistusers2</command></term>
        <listitem>
          <para>
            is used to list the users in the SASL password database
            <filename>sasldb2</filename>.
          </para>
          <indexterm zone="cyrus-sasl sasldblistusers2">
            <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="saslpasswd2">
        <term><command>saslpasswd2</command></term>
        <listitem>
          <para>
            is used to set and delete a user's SASL password and
            mechanism-specific secrets in the SASL password
            database <filename>sasldb2</filename>.
          </para>
          <indexterm zone="cyrus-sasl saslpasswd2">
            <primary sortas="b-saslpasswd2">saslpasswd2</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="testsaslauthd">
        <term><command>testsaslauthd</command></term>
        <listitem>
          <para>
            is a test utility for the SASL authentication server.
          </para>
          <indexterm zone="cyrus-sasl testsaslauthd">
            <primary sortas="b-testsaslauthd">testsaslauthd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libsasl2">
        <term><filename class="libraryfile">libsasl2.so</filename></term>
        <listitem>
          <para>
            is a general-purpose authentication library for server
            and client applications.
          </para>
          <indexterm zone="cyrus-sasl libsasl2">
            <primary sortas="c-libsasl2">libsasl2.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
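
The page above creates `/var/lib/sasl` with mode 700 and has the administrator set the saslauthd mechanism in a defaults file; both can be checked after installation. The shell script below is an added example, not part of the BLFS book or the Cyrus SASL project. It assumes GNU coreutils `stat`, and the function names (`path_mode`, `is_private`, `configured_mechanism`, `audit_sasl`) are hypothetical.

```shell
#!/bin/sh
# Added example: post-install checks for the layout this page creates.
# Assumes GNU coreutils stat; function names are hypothetical.

# Print the octal permission bits of a path.
path_mode() { stat -c '%a' "$1"; }

# Succeed only if the path exists and grants nothing to group or other,
# matching "install -v -dm700 /var/lib/sasl" on the page.
is_private() {
    [ -e "$1" ] || return 1
    mode=$(path_mode "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print the value assigned to KEY (MECHANISM or AUTHMECH) in a shell-style
# defaults file; the last uncommented assignment wins. Prints nothing if unset.
configured_mechanism() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=\([^#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1 | tr -d "\"'"
}

# Audit a tree rooted at ROOT ("" for the live system). Returns non-zero if
# the credential store is missing or exposed to group/other.
audit_sasl() {
    root=$1 conf=$2 key=$3 rc=0
    dir="$root/var/lib/sasl"
    if is_private "$dir"; then
        echo "ok:   $dir is mode $(path_mode "$dir")"
    else
        echo "FAIL: $dir is missing or accessible to group/other"; rc=1
    fi
    if [ -e "$dir/sasldb2" ] && ! is_private "$dir/sasldb2"; then
        echo "FAIL: $dir/sasldb2 is accessible to group/other"; rc=1
    fi
    mech=$(configured_mechanism "$root$conf" "$key")
    if [ -n "$mech" ]; then
        echo "info: $key=$mech in $conf"
    else
        echo "info: $key not set in $conf, the packaged default applies"
    fi
    return $rc
}

# Live systemd system: audit_sasl "" /etc/default/saslauthd MECHANISM
# Live SysV system:    audit_sasl "" /etc/sysconfig/saslauthd AUTHMECH
```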