glfs/postlfs/security/cyrus-sasl.xml
Randy McMurchy 254a24cfa3 Changed the instructions in the Cyrus-SASL installation to alter the permissions of the state dir, thanks to Claus Regelmann for the report
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8288 af4574ff-66df-0310-9fd7-8a98e5e911e0
2010-03-05 23:24:35 +00:00


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY cyrus-sasl-download-http "http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
<!ENTITY cyrus-sasl-download-ftp "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
<!ENTITY cyrus-sasl-md5sum "2eb0e48106f0e9cd8001e654f267ecbc">
<!ENTITY cyrus-sasl-size "1.6 MB">
<!ENTITY cyrus-sasl-buildsize "17 MB">
<!ENTITY cyrus-sasl-time "0.3 SBU">
]>
<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
<?dbhtml filename="cyrus-sasl.html"?>
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<title>Cyrus SASL-&cyrus-sasl-version;</title>
<indexterm zone="cyrus-sasl">
<primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Cyrus SASL</title>
<para>The <application>Cyrus SASL</application> package contains a Simple
Authentication and Security Layer, a method for adding authentication
support to connection-based protocols. To use SASL, a protocol includes a
command for identifying and authenticating a user to a server and for
optionally negotiating protection of subsequent protocol interactions. If
its use is negotiated, a security layer is inserted between the protocol
and the connection.</para>
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/></para>
</listitem>
<listitem>
<para>Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/></para>
</listitem>
<listitem>
<para>Download MD5 sum: &cyrus-sasl-md5sum;</para>
</listitem>
<listitem>
<para>Download size: &cyrus-sasl-size;</para>
</listitem>
<listitem>
<para>Estimated disk space required: &cyrus-sasl-buildsize;</para>
</listitem>
<listitem>
<para>Estimated build time: &cyrus-sasl-time;</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required"><xref linkend="openssl"/></para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional"><xref linkend="linux-pam"/>,
<xref linkend="openldap"/>,
<xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
<xref linkend="jdk"/>,
<xref linkend="mysql"/>,
<xref linkend="postgresql"/>,
<xref linkend="db"/>,
<xref linkend="sqlite"/>,
<!-- <xref linkend="gdbm"/>,
<xref linkend="courier"/>, -->
<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>, and
<ulink url="http://dmalloc.com/">Dmalloc</ulink></para>
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/cyrus-sasl"/></para>
</sect2>
<sect2 role="installation">
<title>Installation of Cyrus SASL</title>
<para>Install <application>Cyrus SASL</application> by
running the following commands:</para>
<screen><userinput>sed -i.bak 's/#elif WITH_DES/#elif defined(WITH_DES)/' \
plugins/digestmd5.c &amp;&amp;
./configure --prefix=/usr \
--sysconfdir=/etc \
--with-dbpath=/var/lib/sasl/sasldb2 \
--with-saslauthd=/var/run/saslauthd &amp;&amp;
make</userinput></screen>
<para>This package does not come with a test suite. If you are planning
on using the GSSAPI authentication mechanism, it is recommended to test
it after installing the package using the sample server and client programs
which were built in the preceding step. Instructions for performing the
tests can be found at <ulink
url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.</para>
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
<screen role="root"><userinput>make install &amp;&amp;
install -v -m755 -d /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
install -v -m700 -d /var/lib/sasl &amp;&amp;
install -v -m711 -d /var/run/saslauthd</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para><command>sed -i.bak ... plugins/digestmd5.c</command>: This fixes
a build problem caused by using newer compilers.</para>
<para><parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
parameter forces the <command>sasldb</command> database to be created
in <filename class='directory'>/var/lib/sasl</filename> instead of
<filename class='directory'>/etc</filename>.</para>
<para><parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
parameter forces <command>saslauthd</command> to use the FHS-compliant
directory <filename class='directory'>/var/run/saslauthd</filename> for
variable run-time data.</para>
<para><parameter>--with-dblib=gdbm</parameter>: This parameter forces
<application>GDBM</application> to be used instead of
<application>Berkeley DB</application>.</para>
<para><option>--with-ldap</option>: This parameter enables use
with <application>OpenLDAP</application>.</para>
<para><option>--enable-ldapdb</option>: This parameter enables the
LDAPDB authentication backend. There is a circular dependency with this
parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
this problem.</para>
<para><command>install -v -m644 ...</command>: These commands
install documentation which is not installed by the
<command>make install</command> command.</para>
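<para><command>install -v -m700 -d /var/lib/sasl ... -m711 /var/run/saslauthd</command>:
These directories must exist when starting <command>saslauthd</command> or
using the sasldb plugin. Mode 700 restricts
<filename class='directory'>/var/lib/sasl</filename>, which holds the
<filename>sasldb2</filename> database, to its owner; mode 711 lets other
users enter <filename class='directory'>/var/run/saslauthd</filename> but
not list its contents. If you're not going to be running the daemon or
using the plugins, you may omit the creation of these directories.</para>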
</sect2>
<sect2 role="configuration">
<title>Configuring Cyrus SASL</title>
<sect3 id="cyrus-sasl-config">
<title>Config Files</title>
<para><filename>/etc/saslauthd.conf</filename> (for
<command>saslauthd</command> LDAP configuration)
and <filename>/etc/sasl2/Appname.conf</filename> (where "Appname"
is the name the application defines for itself)</para>
<indexterm zone="cyrus-sasl cyrus-sasl-config">
<primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>See <ulink
url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/>
for information on what to include in the application configuration files.
See <ulink
url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
for configuring <command>saslauthd</command> with
<application>OpenLDAP</application>.</para>
</sect3>
<sect3 id="cyrus-sasl-init">
<title>Init Script</title>
<para>If you need to run the <command>saslauthd</command> daemon at system
startup, install the <filename>/etc/rc.d/init.d/cyrus-sasl</filename>
init script included in the <xref linkend="bootscripts"/>
package.</para>
<indexterm zone="cyrus-sasl cyrus-sasl-init">
<primary sortas="f-cyrus-sasl-init">cyrus-sasl</primary>
</indexterm>
<screen role="root"><userinput>make install-cyrus-sasl</userinput></screen>
<note>
<para>You'll need to modify the init script and replace the
<option><replaceable>&lt;authmech&gt;</replaceable></option> parameter
to the <option>-a</option> switch with your desired authentication
mechanism.</para>
</note>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>saslauthd, sasldblistusers2, and saslpasswd2</seg>
<seg>libjavasasl.so, libsasl2.so, and numerous SASL plugins and
Java classes</seg>
<seg>/usr/include/sasl, /usr/lib/java/classes/sasl, /usr/lib/sasl2,
/usr/share/doc/cyrus-sasl-&cyrus-sasl-version;, and /var/lib/sasl</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="saslauthd">
<term><command>saslauthd</command></term>
<listitem>
<para>is the SASL authentication server.</para>
<indexterm zone="cyrus-sasl saslauthd">
<primary sortas="b-saslauthd">saslauthd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="sasldblistusers2">
<term><command>sasldblistusers2</command></term>
<listitem>
<para>is used to list the users in the SASL password database
<filename>sasldb2</filename>.</para>
<indexterm zone="cyrus-sasl sasldblistusers2">
<primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="saslpasswd2">
<term><command>saslpasswd2</command></term>
<listitem>
<para>is used to set and delete a user's SASL password and
mechanism specific secrets in the SASL password database
<filename>sasldb2</filename>.</para>
<indexterm zone="cyrus-sasl saslpasswd2">
<primary sortas="b-saslpasswd2">saslpasswd2</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libsasl2">
<term><filename class='libraryfile'>libsasl2.so</filename></term>
<listitem>
<para>is a general purpose authentication library for server and
client applications.</para>
<indexterm zone="cyrus-sasl libsasl2">
<primary sortas="c-libsasl2">libsasl2.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
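
A post-install check for the two state directories created by the `install -v -m700 -d /var/lib/sasl` and `install -v -m711 -d /var/run/saslauthd` commands above. This is an added example, not part of the BLFS book source; it assumes GNU `stat`, and the function names and the `ROOT` prefix argument (for auditing a staged tree instead of the live system) are hypothetical.

```shell
#!/bin/sh
# Added example: audit the Cyrus SASL state directories against the modes
# used in the install commands on this page.

# "mode path" pairs taken from the page's install step.
SASL_EXPECTED='700 /var/lib/sasl
711 /var/run/saslauthd'

# check_mode ROOT MODE PATH
# Prints one finding line. Returns 0 if the directory exists with exactly
# the expected mode, 1 on a mode mismatch, 2 if it is missing.
check_mode() {
    root=$1 want=$2 path=$3
    dir="$root$path"
    if [ ! -d "$dir" ]; then
        echo "MISSING  $path (expected mode $want)"
        return 2
    fi
    have=$(stat -c '%a' "$dir")    # octal permission bits (GNU stat)
    if [ "$have" != "$want" ]; then
        echo "MISMATCH $path: mode $have, expected $want"
        return 1
    fi
    echo "OK       $path ($have)"
    return 0
}

# audit_sasl_dirs ROOT
# Checks every expected directory; the return status is the number of
# directories that are missing or have the wrong mode (0 = clean).
audit_sasl_dirs() {
    root=$1 failures=0
    while read -r want path; do
        check_mode "$root" "$want" "$path" || failures=$((failures + 1))
    done <<EOF
$SASL_EXPECTED
EOF
    return "$failures"
}

# Constructed demo tree: /var/lib/sasl deliberately created too open (755).
demo=$(mktemp -d)
install -d -m 755 "$demo/var/lib/sasl"
install -d -m 711 "$demo/var/run/saslauthd"
audit_sasl_dirs "$demo" || echo "$? finding(s)"
rm -rf "$demo"
```

Run `audit_sasl_dirs ""` as root to check the live system after the install step.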