mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-01-26 08:42:12 +08:00
446 lines
14 KiB
XML
446 lines
14 KiB
XML
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
<!ENTITY % general-entities SYSTEM "../../general.ent">
|
|
%general-entities;
|
|
|
|
<!ENTITY cyrus-sasl-download-http "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-&cyrus-sasl-version;/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
|
|
<!ENTITY cyrus-sasl-download-ftp " ">
|
|
<!ENTITY cyrus-sasl-md5sum "6f228a692516f5318a64505b46966cfa">
|
|
<!ENTITY cyrus-sasl-size "3.9 MB">
|
|
<!ENTITY cyrus-sasl-buildsize "28 MB">
|
|
<!ENTITY cyrus-sasl-time "0.2 SBU">
|
|
]>
|
|
|
|
<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
|
|
<?dbhtml filename="cyrus-sasl.html"?>
|
|
|
|
|
|
<title>Cyrus SASL-&cyrus-sasl-version;</title>
|
|
|
|
<indexterm zone="cyrus-sasl">
|
|
<primary sortas="a-Cyrus-SASL">Cyrus SASL</primary>
|
|
</indexterm>
|
|
|
|
<sect2 role="package">
|
|
<title>Introduction to Cyrus SASL</title>
|
|
|
|
<para>
|
|
The <application>Cyrus SASL</application> package contains a Simple
|
|
Authentication and Security Layer implementation, a method for adding
|
|
authentication support to connection-based protocols. To use SASL, a
|
|
protocol includes a command for identifying and authenticating a user to
|
|
a server and for optionally negotiating protection of subsequent protocol
|
|
interactions. If its use is negotiated, a security layer is inserted
|
|
between the protocol and the connection.
|
|
</para>
|
|
|
|
&lfs112_checked;
|
|
|
|
<!-- To test this package at freeze, run the following command:
|
|
testsaslauthd -u <current user> -p <password>
|
|
after saslauthd is started. -->
|
|
<bridgehead renderas="sect3">Package Information</bridgehead>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
Download (HTTP): <ulink url="&cyrus-sasl-download-http;"/>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Download (FTP): <ulink url="&cyrus-sasl-download-ftp;"/>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Download MD5 sum: &cyrus-sasl-md5sum;
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Download size: &cyrus-sasl-size;
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Estimated disk space required: &cyrus-sasl-buildsize;
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Estimated build time: &cyrus-sasl-time;
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<!-- Not needed anymore
|
|
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
|
<itemizedlist spacing="compact">
|
|
<listitem>
|
|
<para>
|
|
Required patch:
|
|
<ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-doc_fixes-1.patch"/>
|
|
</para>
|
|
</listitem>
|
|
<!- -<listitem>
|
|
<para>
|
|
Required patch:
|
|
<ulink url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-openssl-1.1.0-1.patch"/>
|
|
</para>
|
|
</listitem>- ->
|
|
</itemizedlist>
|
|
-->
|
|
|
|
<bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead>
|
|
|
|
<bridgehead renderas="sect4">Recommended</bridgehead>
|
|
<para role="recommended">
|
|
<xref linkend="db"/>
|
|
</para>
|
|
|
|
<bridgehead renderas="sect4">Optional</bridgehead>
|
|
<para role="optional">
|
|
<xref linkend="linux-pam"/>,
|
|
<xref linkend="mitkrb"/>,
|
|
<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
|
|
<!--<xref linkend="openjdk"/>, Removed in 2.1.28 -->
|
|
<xref linkend="openldap"/>,
|
|
<xref linkend="postgresql"/>,
|
|
<xref linkend="sqlite"/>,
|
|
<ulink url="https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</ulink>,
|
|
<ulink url="https://dmalloc.com/">Dmalloc</ulink>,
|
|
<ulink url="https://metacpan.org/pod/Pod::POM::View::Restructured">Pod::POM::View::Restructured</ulink>,
|
|
and <ulink url="https://pypi.org/project/Sphinx">Sphinx</ulink>
|
|
</para>
|
|
|
|
<para condition="html" role="usernotes">User Notes:
|
|
<ulink url="&blfs-wiki;/cyrus-sasl"/>
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 role="installation">
|
|
<title>Installation of Cyrus SASL</title>
|
|
|
|
<note>
|
|
<para>
|
|
This package does not support parallel build.
|
|
</para>
|
|
</note>
|
|
|
|
<!-- Without this patch, having Sphinx and/or doctools (doctools not tested)
|
|
on the system causes an FTBFS when man pages are generated. The Sphinx
|
|
and Docutils API has changed significantly between Sphinx-{1,2} and
|
|
Sphinx-3.0.
|
|
|
|
<para>
|
|
First, fix a build failure if Sphinx or
|
|
<xref role="nodep" linkend="docutils"/> is installed on the system:
|
|
</para>
|
|
|
|
<screen><userinput remap="pre">patch -Np1 -i ../cyrus-sasl-2.1.27-doc_fixes-1.patch</userinput></screen>
|
|
-->
|
|
|
|
<para>
|
|
Install <application>Cyrus SASL</application> by
|
|
running the following commands:
|
|
</para>
|
|
|
|
<screen><userinput>./configure --prefix=/usr \
|
|
--sysconfdir=/etc \
|
|
--enable-auth-sasldb \
|
|
--with-dbpath=/var/lib/sasl/sasldb2 \
|
|
--with-sphinx-build=no \
|
|
--with-saslauthd=/var/run/saslauthd &&
|
|
make -j1</userinput></screen>
|
|
|
|
<para>
|
|
This package does not come with a test suite. If you are planning
|
|
on using the GSSAPI authentication mechanism, test
|
|
it after installing the package using the sample server and client
|
|
programs which were built in the preceding step. Instructions for
|
|
performing the tests can be found at
|
|
<ulink url="&hints-root;/downloads/files/cyrus-sasl.txt"/>.
|
|
</para>
|
|
|
|
<para>
|
|
Now, as the <systemitem class="username">root</systemitem> user:
|
|
</para>
|
|
|
|
<screen role="root"><userinput>make install &&
|
|
install -v -dm755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &&
|
|
install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &&
|
|
install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/html &&
|
|
install -v -dm700 /var/lib/sasl</userinput></screen>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="commands">
|
|
<title>Command Explanations</title>
|
|
|
|
<para>
|
|
<parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
|
|
switch forces the <command>sasldb</command> database to be created
|
|
in <filename class="directory">/var/lib/sasl</filename> instead of
|
|
<filename class="directory">/etc</filename>.
|
|
</para>
|
|
|
|
<para>
|
|
<parameter>--with-saslauthd=/var/run/saslauthd</parameter>: This
|
|
switch forces <command>saslauthd</command> to use the FHS compliant
|
|
directory <filename class="directory">/var/run/saslauthd</filename>
|
|
for variable run-time data.
|
|
</para>
|
|
|
|
<para>
|
|
<parameter>--enable-auth-sasldb</parameter>: This switch enables
|
|
SASLDB authentication backend.
|
|
</para>
|
|
|
|
<para>
|
|
<option>--with-dblib=gdbm</option>: This switch forces
|
|
<application>GDBM</application> to be used instead of
|
|
<application>Berkeley DB</application>.
|
|
</para>
|
|
|
|
<para>
|
|
<option>--with-ldap</option>: This switch enables the
|
|
<application>OpenLDAP</application> support.
|
|
</para>
|
|
|
|
<para>
|
|
<option>--enable-ldapdb</option>: This switch enables the
|
|
LDAPDB authentication backend. <!--There is a circular dependency with this
|
|
parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to
|
|
this problem.-->
|
|
</para>
|
|
|
|
<!-- Removed in 2.1.28
|
|
<para>
|
|
<option>- -enable-java</option>: This switch enables compiling of the
|
|
<application>Java</application> support libraries.
|
|
</para>
|
|
-->
|
|
|
|
<para>
|
|
<option>--enable-login</option>: This option enables unsupported
|
|
LOGIN authentication.
|
|
</para>
|
|
|
|
<para>
|
|
<option>--enable-ntlm</option>: This option enables unsupported
|
|
NTLM authentication.
|
|
</para>
|
|
|
|
<para>
|
|
<command>install -v -m644 ...</command>: These commands
|
|
install documentation which is not installed by the
|
|
<command>make install</command> command.
|
|
</para>
|
|
|
|
<para>
|
|
<command>install -v -m700 -d /var/lib/sasl</command>: This directory
|
|
must exist when starting <command>saslauthd</command> or using the
|
|
sasldb plugin. If you're not going to be running the daemon or
|
|
using the plugins, you may omit the creation of this directory.
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="configuration">
|
|
<title>Configuring Cyrus SASL</title>
|
|
|
|
<sect3 id="cyrus-sasl-config">
|
|
<title>Config Files</title>
|
|
|
|
<para>
|
|
<filename>/etc/saslauthd.conf</filename>
|
|
(for <command>saslauthd</command> LDAP configuration) and
|
|
<filename>/etc/sasl2/Appname.conf</filename>
|
|
(where "Appname" is the application defined name of the application)
|
|
</para>
|
|
|
|
<indexterm zone="cyrus-sasl cyrus-sasl-config">
|
|
<primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
|
|
</indexterm>
|
|
|
|
</sect3>
|
|
|
|
<sect3>
|
|
<title>Configuration Information</title>
|
|
|
|
<para>
|
|
See
|
|
<ulink url="https://www.cyrusimap.org/sasl/sasl/sysadmin.html"/>
|
|
for information on what to include in the application configuration files.
|
|
</para>
|
|
|
|
<para>
|
|
See
|
|
<ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/>
|
|
for configuring <command>saslauthd</command> with
|
|
<application>OpenLDAP</application>.
|
|
</para>
|
|
|
|
<para>
|
|
See
|
|
<ulink url="https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi"/>
|
|
for configuring <command>saslauthd</command> with <application>Kerberos</application>.
|
|
</para>
|
|
|
|
</sect3>
|
|
|
|
<sect3 id="cyrus-sasl-init">
|
|
<title><phrase revision="sysv">Init Script</phrase>
|
|
<phrase revision="systemd">Systemd Unit</phrase></title>
|
|
|
|
<para revision="sysv">
|
|
If you need to run the <command>saslauthd</command> daemon at system
|
|
startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
|
|
init script included in the
|
|
<xref linkend="bootscripts"/> package using the following command:
|
|
</para>
|
|
|
|
<para revision="systemd">
|
|
If you need to run the <command>saslauthd</command> daemon at system
|
|
startup, install the <filename>saslauthd.service</filename> unit
|
|
included in the <xref linkend="systemd-units"/> package using the
|
|
following command:
|
|
</para>
|
|
|
|
<indexterm zone="cyrus-sasl cyrus-sasl-init">
|
|
<primary sortas="f-saslauthd">saslauthd</primary>
|
|
</indexterm>
|
|
|
|
<screen role="root"><userinput>make install-saslauthd</userinput></screen>
|
|
|
|
<note>
|
|
<para>
|
|
You'll need to modify
|
|
<filename revision="sysv">/etc/sysconfig/saslauthd</filename>
|
|
<filename revision="systemd">/etc/default/saslauthd</filename>
|
|
and modify the
|
|
<option revision="sysv">AUTHMECH</option>
|
|
<option revision="systemd">MECHANISM</option>
|
|
parameter with your desired authentication mechanism.
|
|
<phrase revision="systemd">The default authentication
|
|
mechanism is "shadow".</phrase>
|
|
</para>
|
|
</note>
|
|
|
|
</sect3>
|
|
|
|
</sect2>
|
|
|
|
<sect2 role="content">
|
|
<title>Contents</title>
|
|
|
|
<segmentedlist>
|
|
<segtitle>Installed Programs</segtitle>
|
|
<segtitle>Installed Library</segtitle>
|
|
<segtitle>Installed Directories</segtitle>
|
|
|
|
<seglistitem>
|
|
<seg>
|
|
pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and
|
|
testsaslauthd
|
|
</seg>
|
|
<seg>
|
|
libsasl2.so
|
|
</seg>
|
|
<seg>
|
|
/usr/include/sasl,
|
|
/usr/lib/sasl2,
|
|
/usr/share/doc/cyrus-sasl-&cyrus-sasl-version; and
|
|
/var/lib/sasl
|
|
</seg>
|
|
</seglistitem>
|
|
</segmentedlist>
|
|
|
|
<variablelist>
|
|
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
|
<?dbfo list-presentation="list"?>
|
|
<?dbhtml list-presentation="table"?>
|
|
|
|
<varlistentry id="pluginviewer">
|
|
<term><command>pluginviewer</command></term>
|
|
<listitem>
|
|
<para>
|
|
is used to list loadable SASL plugins and their properties
|
|
</para>
|
|
<indexterm zone="cyrus-sasl pluginviewer">
|
|
<primary sortas="b-pluginviewer">pluginviewer</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="saslauthd">
|
|
<term><command>saslauthd</command></term>
|
|
<listitem>
|
|
<para>
|
|
is the SASL authentication server
|
|
</para>
|
|
<indexterm zone="cyrus-sasl saslauthd">
|
|
<primary sortas="b-saslauthd">saslauthd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="sasldblistusers2">
|
|
<term><command>sasldblistusers2</command></term>
|
|
<listitem>
|
|
<para>
|
|
is used to list the users in the SASL password database
|
|
<filename>sasldb2</filename>
|
|
</para>
|
|
<indexterm zone="cyrus-sasl sasldblistusers2">
|
|
<primary sortas="b-sasldblistusers2">sasldblistusers2</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="saslpasswd2">
|
|
<term><command>saslpasswd2</command></term>
|
|
<listitem>
|
|
<para>
|
|
is used to set and delete a user's SASL password and
|
|
mechanism specific secrets in the SASL password
|
|
database <filename>sasldb2</filename>
|
|
</para>
|
|
<indexterm zone="cyrus-sasl saslpasswd2">
|
|
<primary sortas="b-saslpasswd2">saslpasswd2</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="testsaslauthd">
|
|
<term><command>testsaslauthd</command></term>
|
|
<listitem>
|
|
<para>
|
|
is a test utility for the SASL authentication server
|
|
</para>
|
|
<indexterm zone="cyrus-sasl testsaslauthd">
|
|
<primary sortas="b-testsaslauthd">testsaslauthd</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="libsasl2">
|
|
<term><filename class="libraryfile">libsasl2.so</filename></term>
|
|
<listitem>
|
|
<para>
|
|
is a general purpose authentication library for server
|
|
and client applications
|
|
</para>
|
|
<indexterm zone="cyrus-sasl libsasl2">
|
|
<primary sortas="c-libsasl2">libsasl2.so</primary>
|
|
</indexterm>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</sect2>
|
|
|
|
</sect1>
|