Beyond Linux From Scratch - Version 6.0

Chapter 4. Security

Cyrus SASL-2.1.20

Introduction to Cyrus SASL

The Cyrus SASL package contains a Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.

Package information

Cyrus SASL dependencies

Required

OpenSSL-0.9.7e

Optional

Linux-PAM-0.78, OpenLDAP-2.2.20, Heimdal-0.6.3 or MIT krb5-1.4, J2SDK-1.4.2, MySQL-4.1.8a, PostgreSQL-7.4.6, Berkeley DB-4.3.27, GDBM-1.8.3, Courier-0.47, krb4, SQLite and Dmalloc

Installation of Cyrus SASL

Install Cyrus SASL by running the following commands: 

./configure --prefix=/usr --sysconfdir=/etc \
            --with-dbpath=/var/lib/sasl/sasldb2 \
            --with-saslauthd=/var/run &&
make

Now, as the root user: 

make install &&
install -v -m644 saslauthd/saslauthd.mdoc \
    /usr/share/man/man8/saslauthd.8 &&
install -v -d -m755 /usr/share/doc/cyrus-sasl-2.1.20 &&
install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
    saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-2.1.20 &&
install -v -d -m700 /var/lib/sasl

Command explanations

--with-dbpath=/var/lib/sasl/sasldb2: This parameter forces the saslauthd database to be created in /var/lib/sasl instead of /etc.

--with-saslauthd=/var/run: This parameter forces saslauthd to use the FHS compliant directory /var/run for variable run-time data.

--with-ldap: This parameter enables use with OpenLDAP.

install -m644 ...: These commands install documentation which is not installed by the make install command.

install -d -m700 /var/lib/sasl: This directory must exist when starting saslauthd. If you're not going to be running the daemon, you may omit the creation of this directory.

Configuring Cyrus SASL

Config Files

/etc/saslauthd.conf (for LDAP configuration) and /usr/lib/sasl2/Appname.conf (where "Appname" is the application defined name of the application)

Configuration Information

See file:///usr/share/doc/sasl/sysadmin.html for information on what to include in the application configuration files. See file:///usr/share/doc/sasl/LDAP_SASLAUTHD for configuring saslauthd with LDAP.

Init Script

If you need to run the saslauthd daemon at system startup, install the /etc/rc.d/init.d/cyrus-sasl init script included in the blfs-bootscripts-6.0 package. 

make install-cyrus-sasl
[Note]

Note

You'll need to modify the init script and replace the [authmech] parameter to the -a switch with your desired authentication mechanism.

Contents

Installed Programs: saslauthd, sasldblistusers2 and saslpasswd2
Installed Libraries: libjavasasl.so, libsasl2.so and SASL plugins/JAVA classes
Installed Directories: /usr/include/sasl, /usr/lib/sasl2, /usr/share/doc/sasl and /var/lib/sasl

Short Descriptions

saslauthd

is the SASL authentication server.

sasldblistusers2

is used to list the users in the SASL password database.

saslpasswd2

is used to set and delete a user's SASL password and mechanism specific secrets in the SASL password database.

libsasl2.so

is a general purpose authentication library for server and client applications.

Last updated on 2005-03-02 07:35:32 -0700