~vorlon/ubuntu/oneiric/cyrus-sasl2/multiarch

Viewing changes to debian/doc/libsasl.5.xml

Committer: Bazaar Package Importer
Author(s): Steve Langasek
Date: 2009-06-04 16:03:06 UTC
mfrom: (2.1.4 squeeze)
Revision ID: james.westby@ubuntu.com-20090604160306-wioioa3amb1up5ws

Tags: 2.1.23.dfsg1-1ubuntu1

* Merge from Debian unstable, remaining changes:
  - Add sysv-rc dependency
  - Since the libsasl2 package description so clearly
    states that the library is "completely useless" without one of the
    libsasl2-modules packages, upgrade the Recommends on a single package
    to an ORd Depends on the complete list of them.
  - Prepend XS-Original- to Vcs-{Browser,Svn}.
  - Remove stop links from rc0 and rc6
  - stop service only when switching to single user mode.
* Dropped changes, superseded in Debian:
  - build-depend on libdb4.6-dev; Debian has moved on to db4.7
  - Added debian/patches/021ubuntu-fix-threaded-sasl.dpatch
    - Fixes SEGV in threaded SASL applications.
* debian/rules: remove all the build-*stamp files on clean, not just
  build-stamp.

files added:
debian/cyrus-sasl2-dbg.dirs

debian/cyrus-sasl2-dbg.lintian-overrides

debian/doc

debian/doc/TODO

debian/doc/ldapdb.5

debian/doc/ldapdb.5.xml

debian/doc/libsasl.5

debian/doc/libsasl.5.xml

debian/doc/saslauthd.conf.5

debian/doc/saslauthd.conf.5.xml

debian/doc/sasldb.5

debian/doc/sasldb.5.xml

debian/doc/sql.5

debian/doc/sql.5.xml

debian/libsasl2-modules-otp.lintian-overrides

debian/libsasl2-modules.lintian-overrides

debian/patches/0017_db4.7.dpatch

debian/patches/0021_no_mutex_changes_after_init.dpatch

debian/patches/0022_gcc4.4_preprocessor_syntax.dpatch

debian/patches/0023_remove_useless_linking.dpatch

debian/source.lintian-overrides

files removed:
debian/patches/0017_db4.6.dpatch

debian/patches/0020_saslauthd_manpage.dpatch

debian/patches/021ubuntu-fix-threaded-sasl.dpatch

mac/make_md5_include

win32/libsasl

win32/libsasl/makemd5

win32/makemd5

win32/sample_client

win32/sample_server

win32/saslANONYMOUS

win32/saslCRAM

win32/saslDIGESTMD5

win32/saslGSSAPI

win32/saslKERBEROSV4

win32/saslLOGIN

win32/saslPLAIN

win32/saslSCRAM

win32/testclient

win32/testserver

win32/utils

win32/utils/saslpwd

files modified:
ChangeLog

Makefile.in

NEWS

aclocal.m4

configure

configure.in

debian/changelog

debian/control

debian/copyright

debian/libsasl2-modules-otp.dirs

debian/libsasl2-modules.dirs

debian/patches/00list

debian/repack.sh

debian/rules

debian/sasl2-bin.lintian-overrides

debian/sasl2-bin.postinst

doc/Makefile.in

include/Makefile.in

include/sasl.h

java/CyrusSasl/Makefile.in

java/CyrusSasl/javasasl.h

java/Makefile.in

java/Test/Makefile.in

java/javax/Makefile.in

java/javax/security/Makefile.in

java/javax/security/auth/Makefile.in

java/javax/security/auth/callback/Makefile.in

lib/Makefile.am

lib/Makefile.in

lib/saslutil.c

man/Makefile.in

plugins/Makefile.am

plugins/Makefile.in

pwcheck/Makefile.in

sample/Makefile.in

saslauthd/Makefile.in

saslauthd/aclocal.m4

saslauthd/configure

saslauthd/configure.in

saslauthd/saslauthd.8

sasldb/Makefile.am

sasldb/Makefile.in

utils/Makefile.in

win32/common.mak

win32/include/config.h

Show diffs side-by-side

added added

removed removed

debian/doc/libsasl.5.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">

<refentrytitle>libsasl</refentrytitle>

</refmeta>

<refname>libsasl</refname>

<refpurpose>authentication library</refpurpose>

</refnamediv>

<para>Cyrus SASL library handling communication between an application and

the Cyrus SASL authentication framework.</para>

</refsynopsisdiv>

<title>Description</title>

<para>This document describes generic configuration options for the Cyrus

SASL authentication library <systemitem

class="library">libsasl</systemitem>.</para>

<para>The library handles communication between an application and the

Cyrus SASL authentication framework. Both exchange information before

<systemitem class="library">libsasl</systemitem> can start offering

authentication services for the application.</para>

<para>The application, among other data, sends the

<parameter>service_name</parameter>. The service name is the services name

as specified by IANA. SMTP servers, for example, send

<option>smtp</option> as <parameter>service_name</parameter>. This

information is handed over by <systemitem

class="library">libsasl</systemitem> e.g. when Kerberos or PAM

authentication takes place.</para>

<para>Configuration options in general are read either from a file or

passed by the application using <systemitem

class="library">libsasl</systemitem> during library initialization.</para>

<title>File-Based configuration</title>

<para>When an application (server) starts, it initializes the

<systemitem class="library">libsasl</systemitem> library. The

application passes <parameter>app_name</parameter> (application name) to

the SASL library. Its value is used to construct the name of the

application specific SASL configuration file. The Cyrus SASL

sample-server, for example, sends <option>sample</option> as

<parameter>app_name</parameter>. Using this value the SASL library will

search the configuration directories for a file named

<filename>sample.conf</filename> and read configuration options from

it.</para>

<note>

<para>Consult the applications manual to determine what

<parameter>app_name</parameter> it sends to the Cyrus SASL

library.</para>

</note>

</refsection>

<title>Application-Based Configuration</title>

<para>Configuration options for <systemitem

class="library">libsasl</systemitem> are written down together with

application specific options in the applications configuration file. The

application reads them and passes them over to <systemitem

class="library">libsasl</systemitem> when it loads the library.</para>

<note>

<para>An example for application-based configuration is the Cyrus IMAP

server <systemitem class="daemon">imapd</systemitem>. SASL

configuration is written to <filename>imapd.conf</filename> and passed

to the SASL library when the <systemitem

class="daemon">imapd</systemitem> server starts.</para>

</note>

</refsection>

<title>Configuration Syntax</title>

<para>The general format of Cyrus SASL configuration file is as

follows:</para>

<term>Configuration options</term>

<para>Configuration options are written each on a single physical

line. Parameter and value must be separated by a colon and a single

whitespace:</para>

100

101

<programlisting>parameter: value</programlisting>

102

103

104

<para>There must be no trailing whitespace after the value or

105

Cyrus SASL will fail to apply the value appropriately!</para>

106

</important>

107

</listitem>

108

</varlistentry>

109

110

111

<term>Comments, Emtpy lines and whitespace-only lines</term>

112

113

114

<para>Empty lines and whitespace-only lines are ignored, as are

115

lines whose first non-whitespace character is a

116

117

</listitem>

118

</varlistentry>

119

</variablelist>

120

</refsection>

121

122

123

<title>Options</title>

124

125

<para>There are generic options and options specific to the password

126

verification service or auxiliary property plugin choosen by the

127

administrator. Such specific options are documented in manuals listed in

128

129

130

<para>The following configuration parameters are generic configuration

131

options:</para>

132

133

134

135

<term><parameter>authdaemond_path</parameter> (default:

136

137

138

139

<para>Path to Courier MTA authdaemond's unix socket. Only applicable

140

when <parameter>pwcheck_method</parameter> is set to

141

<option>authdaemond</option>.</para>

142

</listitem>

143

</varlistentry>

144

145

146

<term><parameter>auto_transition</parameter>: (default:

147

148

149

150

<para>Automatically transition users to other mechanisms when they

151

do a successful plaintext authentication and if an auxprop plugin is

152

used.</para>

153

154

155

<para>This option does not apply to the <citerefentry>

156

<refentrytitle>ldapdb</refentrytitle>

157

158

159

</citerefentry> plugin. It is a read-only plugin.</para>

160

</important>

161

162

163

164

165

166

167

<para>Do not transition users to other mechanisms.</para>

168

</listitem>

169

</varlistentry>

170

171

172

<term><option>noplain</option></term>

173

174

175

<para>Transition users to other mechanisms, but write

176

non-plaintext secrets only.</para>

177

</listitem>

178

</varlistentry>

179

180

181

182

183

184

<para>Transition users to other mechanisms.</para>

185

</listitem>

186

</varlistentry>

187

</variablelist>

188

189

<note>

190

<para>The only mechanisms (as currently implemented) which don't

191

use plaintext secrets are OTP and SRP.</para>

192

</note>

193

</listitem>

194

</varlistentry>

195

196

197

<term><parameter>auxprop_plugin</parameter>: (default: empty)</term>

198

199

200

<para>A whitespace-separated list of one or more auxiliary plugins

201

used if the <parameter>pwcheck_method</parameter> parameter

202

specifies <option>auxprop</option> as an option. Plugins will be

203

queried in list order. If no plugin is specified, all available

204

plugins will be queried.</para>

205

206

207

208

<term><option>ldapdb</option></term>

209

210

211

<para>Specify <option>ldapdb</option> to use the Cyrus SASL

212

213

<refentrytitle>ldapdb</refentrytitle>

214

215

216

</citerefentry> plugin.</para>

217

</listitem>

218

</varlistentry>

219

220

221

<term><option>sasldb</option></term>

222

223

224

<para>Specify <option>sasldb</option> to use the Cyrus SASL

225

226

<refentrytitle>sasldb</refentrytitle>

227

228

229

</citerefentry> plugin.</para>

230

</listitem>

231

</varlistentry>

232

233

234

235

236

237

<para>Specify <option>sql</option> to use the Cyrus SASL

238

239

240

241

242

</citerefentry> plugin.</para>

243

</listitem>

244

</varlistentry>

245

</variablelist>

246

</listitem>

247

</varlistentry>

248

249

250

<term><parameter>log_level</parameter>: (default:

251

252

253

254

<para>Specifies a numeric log level. Available log levels

255

are:</para>

256

257

258

259

260

261

262

<para>Don't log anything</para>

263

</listitem>

264

</varlistentry>

265

266

267

268

269

270

<para>Log unusual errors</para>

271

</listitem>

272

</varlistentry>

273

274

275

276

277

278

<para>Log all authentication failures</para>

279

</listitem>

280

</varlistentry>

281

282

283

284

285

286

<para>Log non-fatal warnings</para>

287

</listitem>

288

</varlistentry>

289

290

291

292

293

294

<para>More verbose than 3</para>

295

</listitem>

296

</varlistentry>

297

298

299

300

301

302

<para>More verbose than 4</para>

303

</listitem>

304

</varlistentry>

305

306

307

308

309

310

<para>Traces of internal protocols</para>

311

</listitem>

312

</varlistentry>

313

314

315

316

317

318

<para>Traces of internal protocols, including passwords</para>

319

</listitem>

320

</varlistentry>

321

</variablelist>

322

323

324

<para>Cyrus SASL sends log messages to the application that runs

325

it. The application decides if it forwards such messages to the

326

327

<refentrytitle>sysklogd</refentrytitle>

328

329

330

</citerefentry> service, to which

331

<parameter>facility</parameter> they are sent and which

332

<parameter>priority</parameter> is given to the message.</para>

333

</important>

334

</listitem>

335

</varlistentry>

336

337

338

<term><parameter>mech_list</parameter>: (default: empty)</term>

339

340

341

<para>The optional <parameter>mech_list</parameter> parameter

342

specifies a whitespace-separated list of one or more mechanisms

343

allowed for authentication.</para>

344

</listitem>

345

</varlistentry>

346

347

348

<term><parameter>pwcheck_method</parameter>: (default:

349

<option>auxprop</option>)</term>

350

351

352

<para>A whitespace-separated list of one or more mechanisms. Cyrus

353

SASL provides the following mechanisms:</para>

354

355

356

357

<term><option>authdaemond</option></term>

358

359

360

<para>Configures Cyrus SASL to contact the Courier MTA

361

362

<refentrytitle>authdaemond</refentrytitle>

363

364

365

</citerefentry> password verification service for password

366

verification.</para>

367

</listitem>

368

</varlistentry>

369

370

371

<term><option>alwaystrue</option></term>

372

373

374

375

</listitem>

376

</varlistentry>

377

378

379

<term><option>auxprop</option></term>

380

381

382

<para>Cyrus SASL will use its own plugin infrastructure to

383

verify passwords. The

384

<parameter><parameter>auxprop_plugin</parameter></parameter>

385

parameter controls which plugins will be used.</para>

386

</listitem>

387

</varlistentry>

388

389

390

<term><option>pwcheck</option></term>

391

392

393

<para>Verify passwords using the Cyrus SASL <citerefentry>

394

<refentrytitle>pwcheck</refentrytitle>

395

396

397

</citerefentry> password verification service. The pwcheck

398

daemon is considered deprecated and should not be used

399

anymore. Use the saslauthd password verification service

400

instead.</para>

401

</listitem>

402

</varlistentry>

403

404

405

<term><option>saslauthd</option></term>

406

407

408

<para>Verify passwords using the Cyrus SASL <citerefentry>

409

<refentrytitle>saslauthd</refentrytitle>

410

411

412

</citerefentry> password verification service.</para>

413

</listitem>

414

</varlistentry>

415

</variablelist>

416

</listitem>

417

</varlistentry>

418

419

420

<term><parameter>saslauthd_path</parameter>: (default: empty)</term>

421

422

423

424

<refentrytitle>saslauthd</refentrytitle>

425

426

427

</citerefentry> run directory (including the

428

<filename>/mux</filename> named pipe)</para>

429

</listitem>

430

</varlistentry>

431

</variablelist>

432

</refsection>

433

434

435

436

437

438

<refentrytitle>authdaemond</refentrytitle>

439

440

441