source: postlfs/security/cyrus-sasl.xml@ ebf10d3e

Last change on this file since ebf10d3e was ebf10d3e, checked in by Bruce Dubbs <bdubbs@…>, 3 years ago

Update to cyrus-sasl-2.1.27.
Update to libcap-2.26.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20722 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 13.4 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http "https://www.cyrusimap.org/releases/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
8 <!ENTITY cyrus-sasl-download-ftp " ">
9 <!ENTITY cyrus-sasl-md5sum "a33820c66e0622222c5aefafa1581083">
10 <!ENTITY cyrus-sasl-size "3.9 MB">
11 <!ENTITY cyrus-sasl-buildsize "26 MB">
12 <!ENTITY cyrus-sasl-time "0.1 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Cyrus SASL-&cyrus-sasl-version;</title>
24
25 <indexterm zone="cyrus-sasl">
26 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Cyrus SASL</title>
31
32 <para>
33 The <application>Cyrus SASL</application> package contains a Simple
34 Authentication and Security Layer, a method for adding authentication
35 support to connection-based protocols. To use SASL, a protocol includes
36 a command for identifying and authenticating a user to a server and for
37 optionally negotiating protection of subsequent protocol interactions.
38 If its use is negotiated, a security layer is inserted between the
39 protocol and the connection.
40 </para>
41
42 &lfs83_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download MD5 sum: &cyrus-sasl-md5sum;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &cyrus-sasl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &cyrus-sasl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &cyrus-sasl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77<!-- Not needed at version 2.1.27
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch"/>
84 </para>
85 </listitem>
86 <listitem>
87 <para>
88 Required patch:
89 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
90 </para>
91 </listitem>
92 </itemizedlist>
93-->
94 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
95
96 <bridgehead renderas="sect4">Recommended</bridgehead>
97 <para role="recommended">
98 <xref linkend="db"/>
99 </para>
100
101 <bridgehead renderas="sect4">Optional</bridgehead>
102 <para role="optional">
103 <xref linkend="linux-pam"/>,
104 <xref linkend="mitkrb"/>,
105 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
106 <xref linkend="openjdk"/>,
107 <xref linkend="openldap"/>,
108 <xref linkend="postgresql"/>,
109 <xref linkend="sqlite"/>,
110 <ulink url="ftp://ftp.pdc.kth.se/pub/krb/src/">krb4</ulink> and
111 <ulink url="http://dmalloc.com/">Dmalloc</ulink>
112 </para>
113
114 <para condition="html" role="usernotes">User Notes:
115 <ulink url="&blfs-wiki;/cyrus-sasl"/>
116 </para>
117 </sect2>
118
119 <sect2 role="installation">
120 <title>Installation of Cyrus SASL</title>
121
122 <note>
123 <para>
124 This package does not support parallel build.
125 </para>
126 </note>
127
128 <para>
129 Install <application>Cyrus SASL</application> by
130 running the following commands:
131 </para>
132
133<screen><userinput>./configure --prefix=/usr \
134 --sysconfdir=/etc \
135 --enable-auth-sasldb \
136 --with-dbpath=/var/lib/sasl/sasldb2 \
137 --with-saslauthd=/var/run/saslauthd &amp;&amp;
138make -j1</userinput></screen>
139
140 <para>
141 This package does not come with a test suite. If you are planning
142 on using the GSSAPI authentication mechanism, test
143 it after installing the package using the sample server and client
144 programs which were built in the preceding step. Instructions for
145 performing the tests can be found at
146 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
147 </para>
148
149 <para>
150 Now, as the <systemitem class="username">root</systemitem> user:
151 </para>
152
153<screen role="root"><userinput>make install &amp;&amp;
154install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
155install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
156install -v -m644 doc/html/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &amp;&amp;
157install -v -dm700 /var/lib/sasl</userinput></screen>
158
159 </sect2>
160
161 <sect2 role="commands">
162 <title>Command Explanations</title>
163
164 <para>
165 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
166 switch forces the <command>sasldb</command> database to be created
167 in <filename class="directory">/var/lib/sasl</filename> instead of
168 <filename class="directory">/etc</filename>.
169 </para>
170
171 <para>
172 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
173 switch forces <command>saslauthd</command> to use the FHS compliant
174 directory <filename class="directory">/var/run/saslauthd</filename>
175 for variable run-time data.
176 </para>
177
178 <para>
179 <parameter>--enable-auth-sasldb</parameter>: This switch enables
180 the SASLDB authentication backend.
181 </para>
182
183 <para>
184 <option>--with-dblib=gdbm</option>: This switch forces
185 <application>GDBM</application> to be used instead of
186 <application>Berkeley DB</application>.
187 </para>
188
189 <para>
190 <option>--with-ldap</option>: This switch enables the
191 <application>OpenLDAP</application> support.
192 </para>
193
194 <para>
195 <option>--enable-ldapdb</option>: This switch enables the
196 LDAPDB authentication backend. There is a circular dependency with this
197 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
198 this problem.
199 </para>
200
201 <para>
202 <option>--enable-java</option>: This switch enables compiling of the
203 <application>Java</application> support libraries.
204 </para>
205
206 <para>
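207 <option>--enable-login</option>: This option enables the unsupported
208 LOGIN authentication mechanism. LOGIN sends the password to the server without any protection of its own, so offer it only over connections that are already protected by TLS.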
209 </para>
210
211 <para>
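212 <option>--enable-ntlm</option>: This option enables the unsupported
213 NTLM authentication mechanism. NTLM is a legacy challenge-response scheme with known weaknesses, so enable it only when a client requires it.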
214 </para>
215
216 <para>
217 <command>install -v -m644 ...</command>: These commands
218 install documentation which is not installed by the
219 <command>make install</command> command.
220 </para>
221
222 <para>
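223 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
224 must exist when starting <command>saslauthd</command> or using the
225 sasldb plugin. If you're not going to be running the daemon or
226 using the plugins, you may omit the creation of this directory. Mode 700 keeps the <filename>sasldb2</filename> database stored there, which holds users' SASL passwords and mechanism specific secrets, accessible only to the directory's owner.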
227 </para>
228
229 </sect2>
230
231 <sect2 role="configuration">
232 <title>Configuring Cyrus SASL</title>
233
234 <sect3 id="cyrus-sasl-config">
235 <title>Config Files</title>
236
237 <para>
238 <filename>/etc/saslauthd.conf</filename>
239 (for <command>saslauthd</command> LDAP configuration) and
240 <filename>/etc/sasl2/Appname.conf</filename>
241 (where "Appname" is the name defined by the application).
242 </para>
243
244 <indexterm zone="cyrus-sasl cyrus-sasl-config">
245 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
246 </indexterm>
247
248 </sect3>
249
250 <sect3>
251 <title>Configuration Information</title>
252
253 <para>
254 See
255 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
256 for information on what to include in the application configuration files.
257 </para>
258
259 <para>
260 See
261 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
262 for configuring <command>saslauthd</command> with
263 <application>OpenLDAP</application>.
264 </para>
265
266 <para>
267 See
268 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
269 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
270 </para>
271
272 </sect3>
273
274 <sect3 id="cyrus-sasl-init">
275 <title><phrase revision="sysv">Init Script</phrase>
276 <phrase revision="systemd">Systemd Unit</phrase></title>
277
278 <para revision="sysv">
279 If you need to run the <command>saslauthd</command> daemon at system
280 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
281 init script included in the
282 <xref linkend="bootscripts"/> package using the following command:
283 </para>
284
285 <para revision="systemd">
286 If you need to run the <command>saslauthd</command> daemon at system
287 startup, install the <filename>saslauthd.service</filename> unit
288 included in the <xref linkend="systemd-units"/> package using the
289 following command:
290 </para>
291
292 <indexterm zone="cyrus-sasl cyrus-sasl-init">
293 <primary sortas="f-saslauthd">saslauthd</primary>
294 </indexterm>
295
296<screen role="root"><userinput>make install-saslauthd</userinput></screen>
297
298 <note>
299 <para>
300 You'll need to edit
301 <filename revision="sysv">/etc/sysconfig/saslauthd</filename>
302 <filename revision="systemd">/etc/default/saslauthd</filename>
303 and set the
304 <option revision="sysv">AUTHMECH</option>
305 <option revision="systemd">MECHANISM</option>
306 parameter to your desired authentication mechanism.
307 </para>
308 </note>
309
310 </sect3>
311
312 </sect2>
313
314 <sect2 role="content">
315 <title>Contents</title>
316
317 <segmentedlist>
318 <segtitle>Installed Programs</segtitle>
319 <segtitle>Installed Library</segtitle>
320 <segtitle>Installed Directories</segtitle>
321
322 <seglistitem>
323 <seg>
324 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
325 testsaslauthd
326 </seg>
327 <seg>
328 libsasl2.so
329 </seg>
330 <seg>
331 /usr/include/sasl,
332 /usr/lib/sasl2,
333 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
334 /var/lib/sasl
335 </seg>
336 </seglistitem>
337 </segmentedlist>
338
339 <variablelist>
340 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
341 <?dbfo list-presentation="list"?>
342 <?dbhtml list-presentation="table"?>
343
344 <varlistentry id="pluginviewer">
345 <term><command>pluginviewer</command></term>
346 <listitem>
347 <para>
348 is used to list loadable SASL plugins and their properties.
349 </para>
350 <indexterm zone="cyrus-sasl pluginviewer">
351 <primary sortas="b-pluginviewer">pluginviewer</primary>
352 </indexterm>
353 </listitem>
354 </varlistentry>
355
356 <varlistentry id="saslauthd">
357 <term><command>saslauthd</command></term>
358 <listitem>
359 <para>
360 is the SASL authentication server.
361 </para>
362 <indexterm zone="cyrus-sasl saslauthd">
363 <primary sortas="b-saslauthd">saslauthd</primary>
364 </indexterm>
365 </listitem>
366 </varlistentry>
367
368 <varlistentry id="sasldblistusers2">
369 <term><command>sasldblistusers2</command></term>
370 <listitem>
371 <para>
372 is used to list the users in the SASL password database
373 <filename>sasldb2</filename>.
374 </para>
375 <indexterm zone="cyrus-sasl sasldblistusers2">
376 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
377 </indexterm>
378 </listitem>
379 </varlistentry>
380
381 <varlistentry id="saslpasswd2">
382 <term><command>saslpasswd2</command></term>
383 <listitem>
384 <para>
385 is used to set and delete a user's SASL password and
386 mechanism specific secrets in the SASL password
387 database <filename>sasldb2</filename>.
388 </para>
389 <indexterm zone="cyrus-sasl saslpasswd2">
390 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
391 </indexterm>
392 </listitem>
393 </varlistentry>
394
395 <varlistentry id="testsaslauthd">
396 <term><command>testsaslauthd</command></term>
397 <listitem>
398 <para>
399 is a test utility for the SASL authentication server.
400 </para>
401 <indexterm zone="cyrus-sasl testsaslauthd">
402 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
403 </indexterm>
404 </listitem>
405 </varlistentry>
406
407 <varlistentry id="libsasl2">
408 <term><filename class="libraryfile">libsasl2.so</filename></term>
409 <listitem>
410 <para>
411 is a general purpose authentication library for server
412 and client applications.
413 </para>
414 <indexterm zone="cyrus-sasl libsasl2">
415 <primary sortas="c-libsasl2">libsasl2.so</primary>
416 </indexterm>
417 </listitem>
418 </varlistentry>
419
420 </variablelist>
421
422 </sect2>
423
424</sect1>