source: postlfs/security/cyrus-sasl.xml@ faf325d

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since faf325d was faf325d, checked in by Krejzi <krejzi@…>, 11 years ago

Package updates and fixes. kdepim patch unnecesary with 4.10.3. Fix alsa-lib issues when building libkcompactdisc.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@11169 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 12.5 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY cyrus-sasl-download-http " ">
8 <!ENTITY cyrus-sasl-download-ftp "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
9 <!ENTITY cyrus-sasl-md5sum "a7f4e5e559a0e37b3ffc438c9456e425">
10 <!ENTITY cyrus-sasl-size "5.0 MB">
11 <!ENTITY cyrus-sasl-buildsize "30 MB">
12 <!ENTITY cyrus-sasl-time "0.5 SBU">
13]>
14
15<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
16 <?dbhtml filename="cyrus-sasl.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>Cyrus SASL-&cyrus-sasl-version;</title>
24
25 <indexterm zone="cyrus-sasl">
26 <primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to Cyrus SASL</title>
31
32 <para>
33 The <application>Cyrus SASL</application> package contains a Simple
34 Authentication and Security Layer, a method for adding authentication
35 support to connection-based protocols. To use SASL, a protocol includes
36 a command for identifying and authenticating a user to a server and for
37 optionally negotiating protection of subsequent protocol interactions.
38 If its use is negotiated, a security layer is inserted between the
39 protocol and the connection.
40 </para>
41
42 &lfs73_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>
48 Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
49 </para>
50 </listitem>
51 <listitem>
52 <para>
53 Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
54 </para>
55 </listitem>
56 <listitem>
57 <para>
58 Download MD5 sum: &cyrus-sasl-md5sum;
59 </para>
60 </listitem>
61 <listitem>
62 <para>
63 Download size: &cyrus-sasl-size;
64 </para>
65 </listitem>
66 <listitem>
67 <para>
68 Estimated disk space required: &cyrus-sasl-buildsize;
69 </para>
70 </listitem>
71 <listitem>
72 <para>
73 Estimated build time: &cyrus-sasl-time;
74 </para>
75 </listitem>
76 </itemizedlist>
77
78 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
79 <itemizedlist spacing="compact">
80 <listitem>
81 <para>
82 Required patch:
83 <ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-fixes-1.patch"/>
84 </para>
85 </listitem>
86 </itemizedlist>
87
88 <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
89
90 <bridgehead renderas="sect4">Required</bridgehead>
91 <para role="required">
92 <xref linkend="openssl"/>
93 </para>
94
95 <bridgehead renderas="sect4">Recommended</bridgehead>
96 <para role="recommended">
97 <xref linkend="db"/>
98 </para>
99
100 <bridgehead renderas="sect4">Optional</bridgehead>
101 <para role="optional">
102 <xref linkend="linux-pam"/>,
103 <xref linkend="mitkrb"/>,
104 <xref linkend="mysql"/>,
105 <xref linkend="openjdk"/>,
106 <xref linkend="openldap"/>,
107 <xref linkend="postgresql"/>,
108 <xref linkend="sqlite"/>,
109 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink> and
110 <ulink url="http://dmalloc.com/">Dmalloc</ulink>
111 </para>
112
113 <para condition="html" role="usernotes">User Notes:
114 <ulink url="&blfs-wiki;/cyrus-sasl"/>
115 </para>
116 </sect2>
117
118 <sect2 role="installation">
119 <title>Installation of Cyrus SASL</title>
120
121 <para>
122 Install <application>Cyrus SASL</application> by
123 running the following commands:
124 </para>
125
126<screen><userinput>patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-fixes-1.patch &amp;&amp;
127autoreconf -fi &amp;&amp;
128pushd saslauthd
129autoreconf -fi &amp;&amp;
130popd
131./configure --prefix=/usr \
132 --sysconfdir=/etc \
133 --with-dbpath=/var/lib/sasl/sasldb2 \
134 --with-saslauthd=/var/run/saslauthd &amp;&amp;
135make</userinput></screen>
136
137 <para>
138 This package does not come with a test suite. If you are planning
139 on using the GSSAPI authentication mechanism, it is recommended to test
140 it after installing the package using the sample server and client
141 programs which were built in the preceding step. Instructions for
142 performing the tests can be found at
143 <ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
144 </para>
145
146 <para>
147 Now, as the <systemitem class="username">root</systemitem> user:
148 </para>
149
150<screen role="root"><userinput>make install &amp;&amp;
151install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
152install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
153 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
154install -v -dm700 /var/lib/sasl</userinput></screen>
155
156 </sect2>
157
158 <sect2 role="commands">
159 <title>Command Explanations</title>
160
161 <para>
162 <parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
163 switch forces the <command>sasldb</command> database to be created
164 in <filename class="directory">/var/lib/sasl</filename> instead of
165 <filename class="directory">/etc</filename>.
166 </para>
167
168 <para>
169 <parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
170 switch forces <command>saslauthd</command> to use the FHS compliant
171 directory <filename class="directory">/var/run/saslauthd</filename>
172 for variable run-time data.
173 </para>
174
175 <para>
176 <parameter>--with-dblib=gdbm</parameter>: This switch forces
177 <application>GDBM</application> to be used instead of
178 <application>Berkeley DB</application>.
179 </para>
180
181 <para>
182 <option>--with-ldap</option>: This switch enables the
183 <application>OpenLDAP</application> support.
184 </para>
185
186 <para>
187 <option>--enable-ldapdb</option>: This switch enables the
188 LDAPDB authentication backend. There is a circular dependency with this
189 parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
190 this problem.
191 </para>
192
193 <para>
194 <option>--enable-java</option>: This switch enables compiling of the
195 <application>Java</application> support libraries.
196 </para>
197
198 <para>
199 <option>--enable-login</option>: This option enables unsupported
200 LOGIN authentication.
201 </para>
202
203 <para>
204 <option>--enable-ntlm</option>: This option enables unsupported
205 NTLM authentication.
206 </para>
207
208 <para>
209 <command>install -v -m644 ...</command>: These commands
210 install documentation which is not installed by the
211 <command>make install</command> command.
212 </para>
213
214 <para>
215 <command>install -v -m700 -d /var/lib/sasl</command>: This directory
216 must exist when starting <command>saslauthd</command> or using the
217 sasldb plugin. If you're not going to be running the daemon or
218 using the plugins, you may omit the creation of this directory.
219 </para>
220
221 </sect2>
222
223 <sect2 role="configuration">
224 <title>Configuring Cyrus SASL</title>
225
226 <sect3 id="cyrus-sasl-config">
227 <title>Config Files</title>
228
229 <para>
230 <filename>/etc/saslauthd.conf</filename>
231 (for <command>saslauthd</command> LDAP configuration) and
232 <filename>/etc/sasl2/Appname.conf</filename>
233 (where "Appname" is the application defined name of the application)
234 </para>
235
236 <indexterm zone="cyrus-sasl cyrus-sasl-config">
237 <primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
238 </indexterm>
239
240 </sect3>
241
242 <sect3>
243 <title>Configuration Information</title>
244
245 <para>
246 See
247 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
248 for information on what to include in the application configuration files.
249 </para>
250
251 <para>
252 See
253 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
254 for configuring <command>saslauthd</command> with
255 <application>OpenLDAP</application>.
256 </para>
257
258 <para>
259 See
260 <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/>
261 for configuring <command>saslauthd</command> with <application>Kerberos</application>.
262 </para>
263
264 </sect3>
265
266 <sect3 id="cyrus-sasl-init">
267 <title>Init Script</title>
268
269 <para>
270 If you need to run the <command>saslauthd</command> daemon at system
271 startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
272 init script included in the <xref linkend="bootscripts"/>
273 package using the following command:
274 </para>
275
276 <indexterm zone="cyrus-sasl cyrus-sasl-init">
277 <primary sortas="f-saslauthd">saslauthd</primary>
278 </indexterm>
279
280<screen role="root"><userinput>make install-saslauthd</userinput></screen>
281
282 <note>
283 <para>
284 You'll need to modify /etc/sysconfig/saslauthd and replace the
285 <option><replaceable>AUTHMECH</replaceable></option> parameter
286 with your desired authentication mechanism.
287 </para>
288 </note>
289
290 </sect3>
291
292 </sect2>
293
294 <sect2 role="content">
295 <title>Contents</title>
296
297 <segmentedlist>
298 <segtitle>Installed Programs</segtitle>
299 <segtitle>Installed Library</segtitle>
300 <segtitle>Installed Directories</segtitle>
301
302 <seglistitem>
303 <seg>
304 pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
305 testsaslauthd
306 </seg>
307 <seg>
308 libsasl2.so
309 </seg>
310 <seg>
311 /usr/include/sasl,
312 /usr/lib/sasl2,
313 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
314 /var/lib/sasl
315 </seg>
316 </seglistitem>
317 </segmentedlist>
318
319 <variablelist>
320 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
321 <?dbfo list-presentation="list"?>
322 <?dbhtml list-presentation="table"?>
323
324 <varlistentry id="pluginviewer">
325 <term><command>pluginviewer</command></term>
326 <listitem>
327 <para>
328 is used to list loadable SASL plugins and their properties.
329 </para>
330 <indexterm zone="cyrus-sasl pluginviewer">
331 <primary sortas="b-pluginviewer">pluginviewer</primary>
332 </indexterm>
333 </listitem>
334 </varlistentry>
335
336 <varlistentry id="saslauthd">
337 <term><command>saslauthd</command></term>
338 <listitem>
339 <para>
340 is the SASL authentication server.
341 </para>
342 <indexterm zone="cyrus-sasl saslauthd">
343 <primary sortas="b-saslauthd">saslauthd</primary>
344 </indexterm>
345 </listitem>
346 </varlistentry>
347
348 <varlistentry id="sasldblistusers2">
349 <term><command>sasldblistusers2</command></term>
350 <listitem>
351 <para>
352 is used to list the users in the SASL password database
353 <filename>sasldb2</filename>.
354 </para>
355 <indexterm zone="cyrus-sasl sasldblistusers2">
356 <primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
357 </indexterm>
358 </listitem>
359 </varlistentry>
360
361 <varlistentry id="saslpasswd2">
362 <term><command>saslpasswd2</command></term>
363 <listitem>
364 <para>
365 is used to set and delete a user's SASL password and
366 mechanism specific secrets in the SASL password
367 database <filename>sasldb2</filename>.
368 </para>
369 <indexterm zone="cyrus-sasl saslpasswd2">
370 <primary sortas="b-saslpasswd2">saslpasswd2</primary>
371 </indexterm>
372 </listitem>
373 </varlistentry>
374
375 <varlistentry id="testsaslauthd">
376 <term><command>testsaslauthd</command></term>
377 <listitem>
378 <para>
379 is a test utility for the SASL authentication server.
380 </para>
381 <indexterm zone="cyrus-sasl testsaslauthd">
382 <primary sortas="b-testsaslauthd">testsaslauthd</primary>
383 </indexterm>
384 </listitem>
385 </varlistentry>
386
387 <varlistentry id="libsasl2">
388 <term><filename class="libraryfile">libsasl2.so</filename></term>
389 <listitem>
390 <para>
391 is a general purpose authentication library for server
392 and client applications.
393 </para>
394 <indexterm zone="cyrus-sasl libsasl2">
395 <primary sortas="c-libsasl2">libsasl2.so</primary>
396 </indexterm>
397 </listitem>
398 </varlistentry>
399
400 </variablelist>
401
402 </sect2>
403
404</sect1>
Note: See TracBrowser for help on using the repository browser.