Introduction to Cyrus SASL
The Cyrus SASL package contains a
Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols. To use SASL,
a protocol includes a command for identifying and authenticating a
user to a server and for optionally negotiating protection of
subsequent protocol interactions. If its use is negotiated, a
security layer is inserted between the protocol and the connection.
Package Information
Cyrus SASL Dependencies
Required
OpenSSL-0.9.7g
Optional
Linux-PAM-0.80, OpenLDAP-2.2.24, Heimdal-0.7 or MIT
krb5-1.4.1, JDK-1.5.0,
MySQL-4.1.12, PostgreSQL-8.0.3, Berkeley DB-4.3.28, GDBM-1.8.3, krb4,
SQLite
and Dmalloc
Installation of Cyrus SASL
Install Cyrus SASL by running the
following commands:
./configure --prefix=/usr --sysconfdir=/etc \
--with-dbpath=/var/lib/sasl/sasldb2 \
--with-saslauthd=/var/run &&
make
This package does not come with a test suite. If you are planning
on using the GSSAPI authentication mechanism, it is recommended to
test it after installing the package using the sample server and
client programs which were built in the preceding step.
Instructions for performing the tests can be found at
http://www.linuxfromscratch.org/hints/downloads/files/cyrus-sasl.txt.
Now, as the root user:
make install &&
install -v -m644 saslauthd/saslauthd.8 /usr/share/man/man8 &&
install -v -m755 -d /usr/share/doc/cyrus-sasl-2.1.21 &&
install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-2.1.21 &&
install -v -m700 -d /var/lib/sasl
Command Explanations
--with-dbpath=/var/lib/sasl/sasldb2: This
parameter forces the saslauthd database to be created in
/var/lib/sasl instead of /etc.
--with-saslauthd=/var/run: This
parameter forces saslauthd to use the FHS compliant
directory /var/run for variable run-time
data.
--with-ldap: This parameter enables use
with OpenLDAP.
--enable-ldapdb: This parameter enables the
LDAPDB authentication backend. There is a circular dependency with
this parameter which requires you to build the Cyrus SASL package, then the OpenLDAP package (with SASL support), then
finally building the Cyrus SASL
package again with this parameter.
install -v -m644 ...:
These commands install documentation which is not installed by the
make install command.
install -v -m700 -d
/var/lib/sasl: This directory must exist when
starting saslauthd.
If you're not going to be running the daemon, you may omit the
creation of this directory.
Configuring Cyrus SASL
/etc/saslauthd.conf (for LDAP
configuration) and /usr/lib/sasl2/Appname.conf (where "Appname" is
the application defined name of the application)
If you need to run the saslauthd daemon at system startup,
install the /etc/rc.d/init.d/cyrus-sasl
init script included in the blfs-bootscripts-6.1
package.
make install-cyrus-sasl
![[Note]](../images/note.png)
Note
You'll need to modify the init script and replace the
[authmech] parameter to the
-a switch with your desired
authentication mechanism.
Contents
Installed
Programs: saslauthd,
sasldblistusers2, and saslpasswd2
Installed
Libraries: libjavasasl.so,
libsasl2.so, and numerous SASL plugins and Java classes
Installed
Directories: /usr/include/sasl, /usr/lib/java/classes/sasl,
/usr/lib/sasl2, /usr/share/doc/cyrus-sasl-2.1.21, and
/var/lib/sasl
Short Descriptions
|
saslauthd
|
is the SASL authentication server.
|
|
sasldblistusers2
|
is used to list the users in the SASL password database.
|
|
saslpasswd2
|
is used to set and delete a user's SASL password and
mechanism specific secrets in the SASL password database.
|
|
libsasl2.so
|
is a general purpose authentication library for server
and client applications.
|
Last updated on 2005-08-01 13:29:19 -0600