Context Navigation

source: postlfs/security/cyrus-sasl.xml@ cfd4fa8

Visit:

11.3 12.0 12.1 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18 xry111/xf86-video-removal

Last change on this file since cfd4fa8 was 15445ab, checked in by Douglas R. Reno <renodr@…>, 16 months ago
Lots of tags
Property mode set to `100644`
File size: 14.4 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
8	<!ENTITY cyrus-sasl-download-ftp " ">
9	<!ENTITY cyrus-sasl-md5sum "6f228a692516f5318a64505b46966cfa">
10	<!ENTITY cyrus-sasl-size "3.9 MB">
11	<!ENTITY cyrus-sasl-buildsize "28 MB">
12	<!ENTITY cyrus-sasl-time "0.2 SBU">
13	]>
14
15	<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16	<?dbhtml filename="cyrus-sasl.html"?>
17
18
19	<title>Cyrus SASL-&cyrus-sasl-version;</title>
20
21	<indexterm zone="cyrus-sasl">
22	<primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to Cyrus SASL</title>
27
28	<para>
29	The <application>Cyrus SASL</application> package contains a Simple
30	Authentication and Security Layer implementation, a method for adding
31	authentication support to connection-based protocols. To use SASL, a
32	protocol includes a command for identifying and authenticating a user to
33	a server and for optionally negotiating protection of subsequent protocol
34	interactions. If its use is negotiated, a security layer is inserted
35	between the protocol and the connection.
36	</para>
37
38	&lfs113_checked;
39
40	<!-- To test this package at freeze, run the following command:
41	testsaslauthd -u <current user> -p <password>
42	after saslauthd is started. -->
43	<bridgehead renderas="sect3">Package Information</bridgehead>
44	<itemizedlist spacing="compact">
45	<listitem>
46	<para>
47	Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download MD5 sum: &cyrus-sasl-md5sum;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Download size: &cyrus-sasl-size;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated disk space required: &cyrus-sasl-buildsize;
68	</para>
69	</listitem>
70	<listitem>
71	<para>
72	Estimated build time: &cyrus-sasl-time;
73	</para>
74	</listitem>
75	</itemizedlist>
76
77	<!-- Not needed anymore
78	<bridgehead renderas="sect3">Additional Downloads</bridgehead>
79	<itemizedlist spacing="compact">
80	<listitem>
81	<para>
82	Required patch:
83	<ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-doc_fixes-1.patch"/>
84	</para>
85	</listitem>
86	<!- -<listitem>
87	<para>
88	Required patch:
89	<ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
90	</para>
91	</listitem>- ->
92	</itemizedlist>
93	-->
94
95	<bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
96
97	<bridgehead renderas="sect4">Recommended</bridgehead>
98	<para role="recommended">
99	<xref linkend="db"/>
100	</para>
101
102	<bridgehead renderas="sect4">Optional</bridgehead>
103	<para role="optional">
104	<xref linkend="linux-pam"/>,
105	<xref linkend="mitkrb"/>,
106	<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
107	<xref linkend="openldap"/>,
108	<xref linkend="postgresql"/>,
109	<xref linkend="sphinx"/>,
110	<xref linkend="sqlite"/>,
111	<ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink>,
112	<ulink url="https://dmalloc.com/">Dmalloc</ulink>, and
113	<ulink url="https://metacpan.org/pod/Pod::POM::View::Restructured">Pod::POM::View::Restructured</ulink>
114	</para>
115
116	<para condition="html" role="usernotes">User Notes:
117	<ulink url="&blfs-wiki;/cyrus-sasl"/>
118	</para>
119	</sect2>
120
121	<sect2 role="installation">
122	<title>Installation of Cyrus SASL</title>
123
124	<note>
125	<para>
126	This package does not support parallel build.
127	</para>
128	</note>
129
130	<!-- Without this patch, having Sphinx and/or doctools (doctools not tested)
131	on the system causes an FTBFS when man pages are generated. The Sphinx
132	and Docutils API has changed significantly between Sphinx-{1,2} and
133	Sphinx-3.0.
134
135	<para>
136	First, fix a build failure if Sphinx or
137	<xref role="nodep" linkend="docutils"/> is installed on the system:
138	</para>
139
140	<screen><userinput remap="pre">patch -Np1 -i ../cyrus-sasl-2.1.27-doc_fixes-1.patch</userinput></screen>
141	-->
142
143	<para>
144	Install <application>Cyrus SASL</application> by
145	running the following commands:
146	</para>
147
148	<screen><userinput>./configure --prefix=/usr \
149	--sysconfdir=/etc \
150	--enable-auth-sasldb \
151	--with-dbpath=/var/lib/sasl/sasldb2 \
152	--with-sphinx-build=no \
153	--with-saslauthd=/var/run/saslauthd &&
154	make -j1</userinput></screen>
155
156	<para>
157	This package does not come with a test suite. If you are planning
158	on using the GSSAPI authentication mechanism, test
159	it after installing the package using the sample server and client
160	programs which were built in the preceding step. Instructions for
161	performing the tests can be found at
162	<ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
163	</para>
164
165	<para>
166	Now, as the <systemitem class="username">root</systemitem> user:
167	</para>
168
169	<screen role="root"><userinput>make install &&
170	install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &&
171	install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &&
172	install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &&
173	install -v -dm700 /var/lib/sasl</userinput></screen>
174
175	</sect2>
176
177	<sect2 role="commands">
178	<title>Command Explanations</title>
179
180	<para>
181	<parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
182	switch forces the <command>sasldb</command> database to be created
183	in <filename class="directory">/var/lib/sasl</filename> instead of
184	<filename class="directory">/etc</filename>.
185	</para>
186
187	<para>
188	<parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
189	switch forces <command>saslauthd</command> to use the FHS compliant
190	directory <filename class="directory">/var/run/saslauthd</filename>
191	for variable run-time data.
192	</para>
193
194	<para>
195	<parameter>--enable-auth-sasldb</parameter>: This switch enables
196	SASLDB authentication backend.
197	</para>
198
199	<para>
200	<option>--with-dblib=gdbm</option>: This switch forces
201	<application>GDBM</application> to be used instead of
202	<application>Berkeley DB</application>.
203	</para>
204
205	<para>
206	<option>--with-ldap</option>: This switch enables the
207	<application>OpenLDAP</application> support.
208	</para>
209
210	<para>
211	<option>--enable-ldapdb</option>: This switch enables the
212	LDAPDB authentication backend. <!--There is a circular dependency with this
213	parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
214	this problem.-->
215	</para>
216
217	<!-- Removed in 2.1.28
218	<para>
219	<option>- -enable-java</option>: This switch enables compiling of the
220	<application>Java</application> support libraries.
221	</para>
222	-->
223
224	<para>
225	<option>--enable-login</option>: This option enables unsupported
226	LOGIN authentication.
227	</para>
228
229	<para>
230	<option>--enable-ntlm</option>: This option enables unsupported
231	NTLM authentication.
232	</para>
233
234	<para>
235	<command>install -v -m644 ...</command>: These commands
236	install documentation which is not installed by the
237	<command>make install</command> command.
238	</para>
239
240	<para>
241	<command>install -v -m700 -d /var/lib/sasl</command>: This directory
242	must exist when starting <command>saslauthd</command> or using the
243	sasldb plugin. If you're not going to be running the daemon or
244	using the plugins, you may omit the creation of this directory.
245	</para>
246
247	</sect2>
248
249	<sect2 role="configuration">
250	<title>Configuring Cyrus SASL</title>
251
252	<sect3 id="cyrus-sasl-config">
253	<title>Config Files</title>
254
255	<para>
256	<filename>/etc/saslauthd.conf</filename>
257	(for <command>saslauthd</command> LDAP configuration) and
258	<filename>/etc/sasl2/Appname.conf</filename>
259	(where "Appname" is the application defined name of the application)
260	</para>
261
262	<indexterm zone="cyrus-sasl cyrus-sasl-config">
263	<primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
264	</indexterm>
265
266	</sect3>
267
268	<sect3>
269	<title>Configuration Information</title>
270
271	<para>
272	See
273	<ulink url="https://www.cyrusimap.org/sasl/sasl/sysadmin.html"/>
274	for information on what to include in the application configuration files.
275	</para>
276
277	<para>
278	See
279	<ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
280	for configuring <command>saslauthd</command> with
281	<application>OpenLDAP</application>.
282	</para>
283
284	<para>
285	See
286	<ulink url="https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi"/>
287	for configuring <command>saslauthd</command> with <application>Kerberos</application>.
288	</para>
289
290	</sect3>
291
292	<sect3 id="cyrus-sasl-init">
293	<title><phrase revision="sysv">Init Script</phrase>
294	<phrase revision="systemd">Systemd Unit</phrase></title>
295
296	<para revision="sysv">
297	If you need to run the <command>saslauthd</command> daemon at system
298	startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
299	init script included in the
300	<xref linkend="bootscripts"/> package using the following command:
301	</para>
302
303	<para revision="systemd">
304	If you need to run the <command>saslauthd</command> daemon at system
305	startup, install the <filename>saslauthd.service</filename> unit
306	included in the <xref linkend="systemd-units"/> package using the
307	following command:
308	</para>
309
310	<indexterm zone="cyrus-sasl cyrus-sasl-init">
311	<primary sortas="f-saslauthd">saslauthd</primary>
312	</indexterm>
313
314	<screen role="root"><userinput>make install-saslauthd</userinput></screen>
315
316	<note>
317	<para>
318	You'll need to modify
319	<filename revision="sysv">/etc/sysconfig/saslauthd</filename>
320	<filename revision="systemd">/etc/default/saslauthd</filename>
321	and modify the
322	<option revision="sysv">AUTHMECH</option>
323	<option revision="systemd">MECHANISM</option>
324	parameter with your desired authentication mechanism.
325	<phrase revision="systemd">The default authentication
326	mechanism is "shadow".</phrase>
327	</para>
328	</note>
329
330	</sect3>
331
332	</sect2>
333
334	<sect2 role="content">
335	<title>Contents</title>
336
337	<segmentedlist>
338	<segtitle>Installed Programs</segtitle>
339	<segtitle>Installed Library</segtitle>
340	<segtitle>Installed Directories</segtitle>
341
342	<seglistitem>
343	<seg>
344	pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
345	testsaslauthd
346	</seg>
347	<seg>
348	libsasl2.so
349	</seg>
350	<seg>
351	/usr/include/sasl,
352	/usr/lib/sasl2,
353	/usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
354	/var/lib/sasl
355	</seg>
356	</seglistitem>
357	</segmentedlist>
358
359	<variablelist>
360	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
361	<?dbfo list-presentation="list"?>
362	<?dbhtml list-presentation="table"?>
363
364	<varlistentry id="pluginviewer">
365	<term><command>pluginviewer</command></term>
366	<listitem>
367	<para>
368	is used to list loadable SASL plugins and their properties
369	</para>
370	<indexterm zone="cyrus-sasl pluginviewer">
371	<primary sortas="b-pluginviewer">pluginviewer</primary>
372	</indexterm>
373	</listitem>
374	</varlistentry>
375
376	<varlistentry id="saslauthd">
377	<term><command>saslauthd</command></term>
378	<listitem>
379	<para>
380	is the SASL authentication server
381	</para>
382	<indexterm zone="cyrus-sasl saslauthd">
383	<primary sortas="b-saslauthd">saslauthd</primary>
384	</indexterm>
385	</listitem>
386	</varlistentry>
387
388	<varlistentry id="sasldblistusers2">
389	<term><command>sasldblistusers2</command></term>
390	<listitem>
391	<para>
392	is used to list the users in the SASL password database
393	<filename>sasldb2</filename>
394	</para>
395	<indexterm zone="cyrus-sasl sasldblistusers2">
396	<primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
397	</indexterm>
398	</listitem>
399	</varlistentry>
400
401	<varlistentry id="saslpasswd2">
402	<term><command>saslpasswd2</command></term>
403	<listitem>
404	<para>
405	is used to set and delete a user's SASL password and
406	mechanism specific secrets in the SASL password
407	database <filename>sasldb2</filename>
408	</para>
409	<indexterm zone="cyrus-sasl saslpasswd2">
410	<primary sortas="b-saslpasswd2">saslpasswd2</primary>
411	</indexterm>
412	</listitem>
413	</varlistentry>
414
415	<varlistentry id="testsaslauthd">
416	<term><command>testsaslauthd</command></term>
417	<listitem>
418	<para>
419	is a test utility for the SASL authentication server
420	</para>
421	<indexterm zone="cyrus-sasl testsaslauthd">
422	<primary sortas="b-testsaslauthd">testsaslauthd</primary>
423	</indexterm>
424	</listitem>
425	</varlistentry>
426
427	<varlistentry id="libsasl2">
428	<term><filename class="libraryfile">libsasl2.so</filename></term>
429	<listitem>
430	<para>
431	is a general purpose authentication library for server
432	and client applications
433	</para>
434	<indexterm zone="cyrus-sasl libsasl2">
435	<primary sortas="c-libsasl2">libsasl2.so</primary>
436	</indexterm>
437	</listitem>
438	</varlistentry>
439
440	</variablelist>
441
442	</sect2>
443
444	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: