Cyrus SASL-2.1.22

Introduction to Cyrus SASL

The Cyrus SASL package contains a Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.

Package Information

Cyrus SASL Dependencies

Required

OpenSSL-0.9.8g

Optional

Linux-PAM-0.99.10.0, OpenLDAP-2.3.39, Heimdal-1.1 or MIT Kerberos V5-1.6, JDK-6 Update 5, MySQL-5.0.41, PostgreSQL-8.2.4, GDBM-1.8.3, krb4, SQLite, and Dmalloc

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl

Installation of Cyrus SASL

Install Cyrus SASL by running the following commands:

./configure --prefix=/usr --sysconfdir=/etc \
            --with-dbpath=/var/lib/sasl/sasldb2 \
            --with-saslauthd=/var/run/saslauthd &&
make

This package does not come with a test suite. If you are planning on using the GSSAPI authentication mechanism, it is recommended to test it after installing the package using the sample server and client programs which were built in the preceding step. Instructions for performing the tests can be found at http://www.linuxfromscratch.org/hints/downloads/files/cyrus-sasl.txt.

Now, as the root user:

make install &&
install -v -m755 -d /usr/share/doc/cyrus-sasl-2.1.22 &&
install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
    saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-2.1.22 &&
install -v -m700 -d /var/lib/sasl /var/run/saslauthd

Command Explanations

--with-dbpath=/var/lib/sasl/sasldb2: This parameter forces the sasldb database to be created in /var/lib/sasl instead of /etc.

--with-saslauthd=/var/run/saslauthd: This parameter forces saslauthd to use the FHS compliant directory /var/run/saslauthd for variable run-time data.

--with-dblib=gdbm: This parameter forces GDBM to be used instead of Berkeley DB.

--with-ldap: This parameter enables use with OpenLDAP.

--enable-ldapdb: This parameter enables the LDAPDB authentication backend. There is a circular dependency with this parameter. See http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl for a solution to this problem.

install -v -m644 ...: These commands install documentation which is not installed by the make install command.

install -v -m700 -d /var/lib/sasl /var/run/saslauthd: These directories must exist when starting saslauthd or using the sasldb plugin. If you're not going to be running the daemon or using the plugins, you may omit the creation of this directory.

Configuring Cyrus SASL

Config Files

/etc/saslauthd.conf (for saslauthd LDAP configuration) and /etc/sasl2/Appname.conf (where "Appname" is the application defined name of the application)

Configuration Information

See file:///usr/share/doc/cyrus-sasl-2.1.22/sysadmin.html for information on what to include in the application configuration files. See file:///usr/share/doc/cyrus-sasl-2.1.22/LDAP_SASLAUTHD for configuring saslauthd with OpenLDAP.

Init Script

If you need to run the saslauthd daemon at system startup, install the /etc/rc.d/init.d/cyrus-sasl init script included in the blfs-bootscripts-20080816 package.

make install-cyrus-sasl
[Note]

Note

You'll need to modify the init script and replace the <authmech> parameter to the -a switch with your desired authentication mechanism.

Contents

Installed Programs: saslauthd, sasldblistusers2, and saslpasswd2
Installed Libraries: libjavasasl.so, libsasl2.so, and numerous SASL plugins and Java classes
Installed Directories: /usr/include/sasl, /usr/lib/java/classes/sasl, /usr/lib/sasl2, /usr/share/doc/cyrus-sasl-2.1.22, and /var/lib/sasl

Short Descriptions

saslauthd

is the SASL authentication server.

sasldblistusers2

is used to list the users in the SASL password database sasldb2.

saslpasswd2

is used to set and delete a user's SASL password and mechanism specific secrets in the SASL password database sasldb2.

libsasl2.so

is a general purpose authentication library for server and client applications.

Last updated on 2007-09-04 07:50:55 -0500