source: postlfs/security/cyrus-sasl.xml@ f859e6fd

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since f859e6fd was f859e6fd, checked in by Igor Živković <igor@…>, 10 years ago

formatting

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@14482 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 12.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http " ">
8 <!ENTITY cyrus-sasl-download-ftp "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
9 <!ENTITY cyrus-sasl-md5sum "a7f4e5e559a0e37b3ffc438c9456e425">
10 <!ENTITY cyrus-sasl-size "5.0 MB">
11 <!ENTITY cyrus-sasl-buildsize "30 MB">
12 <!ENTITY cyrus-sasl-time "0.5 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Cyrus SASL-&cyrus-sasl-version;</title>
24
25 <indexterm zone="cyrus-sasl">
26 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Cyrus SASL</title>
31
32 <para>
33 The <application>Cyrus SASL</application> package contains a Simple
34 Authentication and Security Layer, a method for adding authentication
35 support to connection-based protocols. To use SASL, a protocol includes
36 a command for identifying and authenticating a user to a server and for
37 optionally negotiating protection of subsequent protocol interactions.
38 If its use is negotiated, a security layer is inserted between the
39 protocol and the connection.
40 </para>
41
42 &lfs76_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download MD5 sum: &cyrus-sasl-md5sum;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &cyrus-sasl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &cyrus-sasl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &cyrus-sasl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch"/>
84 </para>
85 </listitem>
86 </itemizedlist>
87
88 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
89
90 <bridgehead renderas="sect4">Required</bridgehead>
91 <para role="required">
92 <xref linkend="openssl"/>
93 </para>
94
95 <bridgehead renderas="sect4">Recommended</bridgehead>
96 <para role="recommended">
97 <xref linkend="db"/>
98 </para>
99
100 <bridgehead renderas="sect4">Optional</bridgehead>
101 <para role="optional">
102 <xref linkend="linux-pam"/>,
103 <xref linkend="mitkrb"/>,
104 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
105 <xref linkend="openjdk"/>,
106 <xref linkend="openldap"/>,
107 <xref linkend="postgresql"/>,
108 <xref linkend="sqlite"/>,
109 <ulink url="ftp://ftp.pdc.kth.se/pub/krb/src/">krb4</ulink> and
110 <ulink url="http://dmalloc.com/">Dmalloc</ulink>
111 </para>
112
113 <para condition="html" role="usernotes">User Notes:
114 <ulink url="&blfs-wiki;/cyrus-sasl"/>
115 </para>
116 </sect2>
117
118 <sect2 role="installation">
119 <title>Installation of Cyrus SASL</title>
120
121 <para>
122 Install <application>Cyrus SASL</application> by
123 running the following commands:
124 </para>
125
126<screen><userinput>patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-fixes-3.patch &amp;&amp;
127autoreconf -fi &amp;&amp;
128./configure --prefix=/usr \
129 --sysconfdir=/etc \
130 --enable-auth-sasldb \
131 --with-dbpath=/var/lib/sasl/sasldb2 \
132 --with-saslauthd=/var/run/saslauthd &amp;&amp;
133make</userinput></screen>
134
135 <para>
136 This package does not come with a test suite. If you are planning
137 on using the GSSAPI authentication mechanism, it is recommended to test
138 it after installing the package using the sample server and client
139 programs which were built in the preceding step. Instructions for
140 performing the tests can be found at
141 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
142 </para>
143
144 <para>
145 Now, as the <systemitem class="username">root</systemitem> user:
146 </para>
147
148<screen role="root"><userinput>make install &amp;&amp;
149install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
150install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
151 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
152install -v -dm700 /var/lib/sasl</userinput></screen>
153
154 </sect2>
155
156 <sect2 role="commands">
157 <title>Command Explanations</title>
158
159 <para>
160 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
161 switch forces the <command>sasldb</command> database to be created
162 in <filename class="directory">/var/lib/sasl</filename> instead of
163 <filename class="directory">/etc</filename>.
164 </para>
165
166 <para>
167 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
168 switch forces <command>saslauthd</command> to use the FHS compliant
169 directory <filename class="directory">/var/run/saslauthd</filename>
170 for variable run-time data.
171 </para>
172
173 <para>
174 <parameter>--enable-auth-sasldb</parameter>: This switch enables
175 SASLDB authentication backend.
176 </para>
177
178 <para>
179 <option>--with-dblib=gdbm</option>: This switch forces
180 <application>GDBM</application> to be used instead of
181 <application>Berkeley DB</application>.
182 </para>
183
184 <para>
185 <option>--with-ldap</option>: This switch enables the
186 <application>OpenLDAP</application> support.
187 </para>
188
189 <para>
190 <option>--enable-ldapdb</option>: This switch enables the
191 LDAPDB authentication backend. There is a circular dependency with this
192 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
193 this problem.
194 </para>
195
196 <para>
197 <option>--enable-java</option>: This switch enables compiling of the
198 <application>Java</application> support libraries.
199 </para>
200
201 <para>
202 <option>--enable-login</option>: This option enables unsupported
203 LOGIN authentication.
204 </para>
205
206 <para>
207 <option>--enable-ntlm</option>: This option enables unsupported
208 NTLM authentication.
209 </para>
210
211 <para>
212 <command>install -v -m644 ...</command>: These commands
213 install documentation which is not installed by the
214 <command>make install</command> command.
215 </para>
216
217 <para>
218 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
219 must exist when starting <command>saslauthd</command> or using the
220 sasldb plugin. If you're not going to be running the daemon or
221 using the plugins, you may omit the creation of this directory.
222 </para>
223
224 </sect2>
225
226 <sect2 role="configuration">
227 <title>Configuring Cyrus SASL</title>
228
229 <sect3 id="cyrus-sasl-config">
230 <title>Config Files</title>
231
232 <para>
233 <filename>/etc/saslauthd.conf</filename>
234 (for <command>saslauthd</command> LDAP configuration) and
235 <filename>/etc/sasl2/Appname.conf</filename>
236 (where "Appname" is the application defined name of the application)
237 </para>
238
239 <indexterm zone="cyrus-sasl cyrus-sasl-config">
240 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
241 </indexterm>
242
243 </sect3>
244
245 <sect3>
246 <title>Configuration Information</title>
247
248 <para>
249 See
250 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
251 for information on what to include in the application configuration files.
252 </para>
253
254 <para>
255 See
256 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
257 for configuring <command>saslauthd</command> with
258 <application>OpenLDAP</application>.
259 </para>
260
261 <para>
262 See
263 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
264 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
265 </para>
266
267 </sect3>
268
269 <sect3 id="cyrus-sasl-init">
270 <title>Init Script</title>
271
272 <para>
273 If you need to run the <command>saslauthd</command> daemon at system
274 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
275 init script included in the <xref linkend="bootscripts"/>
276 package using the following command:
277 </para>
278
279 <indexterm zone="cyrus-sasl cyrus-sasl-init">
280 <primary sortas="f-saslauthd">saslauthd</primary>
281 </indexterm>
282
283<screen role="root"><userinput>make install-saslauthd</userinput></screen>
284
285 <note>
286 <para>
287 You'll need to modify /etc/sysconfig/saslauthd and replace the
288 <option><replaceable>AUTHMECH</replaceable></option> parameter
289 with your desired authentication mechanism.
290 </para>
291 </note>
292
293 </sect3>
294
295 </sect2>
296
297 <sect2 role="content">
298 <title>Contents</title>
299
300 <segmentedlist>
301 <segtitle>Installed Programs</segtitle>
302 <segtitle>Installed Library</segtitle>
303 <segtitle>Installed Directories</segtitle>
304
305 <seglistitem>
306 <seg>
307 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
308 testsaslauthd
309 </seg>
310 <seg>
311 libsasl2.so
312 </seg>
313 <seg>
314 /usr/include/sasl,
315 /usr/lib/sasl2,
316 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
317 /var/lib/sasl
318 </seg>
319 </seglistitem>
320 </segmentedlist>
321
322 <variablelist>
323 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
324 <?dbfo list-presentation="list"?>
325 <?dbhtml list-presentation="table"?>
326
327 <varlistentry id="pluginviewer">
328 <term><command>pluginviewer</command></term>
329 <listitem>
330 <para>
331 is used to list loadable SASL plugins and their properties.
332 </para>
333 <indexterm zone="cyrus-sasl pluginviewer">
334 <primary sortas="b-pluginviewer">pluginviewer</primary>
335 </indexterm>
336 </listitem>
337 </varlistentry>
338
339 <varlistentry id="saslauthd">
340 <term><command>saslauthd</command></term>
341 <listitem>
342 <para>
343 is the SASL authentication server.
344 </para>
345 <indexterm zone="cyrus-sasl saslauthd">
346 <primary sortas="b-saslauthd">saslauthd</primary>
347 </indexterm>
348 </listitem>
349 </varlistentry>
350
351 <varlistentry id="sasldblistusers2">
352 <term><command>sasldblistusers2</command></term>
353 <listitem>
354 <para>
355 is used to list the users in the SASL password database
356 <filename>sasldb2</filename>.
357 </para>
358 <indexterm zone="cyrus-sasl sasldblistusers2">
359 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
360 </indexterm>
361 </listitem>
362 </varlistentry>
363
364 <varlistentry id="saslpasswd2">
365 <term><command>saslpasswd2</command></term>
366 <listitem>
367 <para>
368 is used to set and delete a user's SASL password and
369 mechanism specific secrets in the SASL password
370 database <filename>sasldb2</filename>.
371 </para>
372 <indexterm zone="cyrus-sasl saslpasswd2">
373 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
374 </indexterm>
375 </listitem>
376 </varlistentry>
377
378 <varlistentry id="testsaslauthd">
379 <term><command>testsaslauthd</command></term>
380 <listitem>
381 <para>
382 is a test utility for the SASL authentication server.
383 </para>
384 <indexterm zone="cyrus-sasl testsaslauthd">
385 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
386 </indexterm>
387 </listitem>
388 </varlistentry>
389
390 <varlistentry id="libsasl2">
391 <term><filename class="libraryfile">libsasl2.so</filename></term>
392 <listitem>
393 <para>
394 is a general purpose authentication library for server
395 and client applications.
396 </para>
397 <indexterm zone="cyrus-sasl libsasl2">
398 <primary sortas="c-libsasl2">libsasl2.so</primary>
399 </indexterm>
400 </listitem>
401 </varlistentry>
402
403 </variablelist>
404
405 </sect2>
406
407</sect1>
Note: See TracBrowser for help on using the repository browser.