The Cyrus SASL package contains a Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.
This package is known to build and work properly using an LFS-7.6 platform.
Download (FTP): ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.26.tar.gz
Download MD5 sum: a7f4e5e559a0e37b3ffc438c9456e425
Download size: 5.0 MB
Estimated disk space required: 30 MB
Estimated build time: 0.5 SBU
Linux-PAM-1.1.8, MIT Kerberos V5-1.12.2, MariaDB-10.0.13 or MySQL, OpenJDK-1.7.0.65/IcedTea-2.5.2, OpenLDAP-2.4.39, PostgreSQL-9.3.5, SQLite-3.8.6, krb4 and Dmalloc
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl
Install Cyrus SASL by running the following commands:
patch -Np1 -i ../cyrus-sasl-2.1.26-fixes-3.patch &&autoreconf -fi &&./configure --prefix=/usr --sysconfdir=/etc --enable-auth-sasldb --with-dbpath=/var/lib/sasl/sasldb2 --with-saslauthd=/var/run/saslauthd &&make
This package does not come with a test suite. If you are planning on using the GSSAPI authentication mechanism, it is recommended to test it after installing the package using the sample server and client programs which were built in the preceding step. Instructions for performing the tests can be found at http://www.linuxfromscratch.org/hints/downloads/files/cyrus-sasl.txt.
Now, as the root
user:
make install &&install -v -dm755 /usr/share/doc/cyrus-sasl-2.1.26 &&install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-2.1.26 &&install -v -dm700 /var/lib/sasl
--with-dbpath=/var/lib/sasl/sasldb2
: This switch forces the sasldb database to be created in /var/lib/sasl
instead of /etc
.
--with-saslauthd=/var/run/saslauthd
: This switch forces saslauthd to use the FHS compliant directory /var/run/saslauthd
for variable run-time data.
--enable-auth-sasldb
: This switch enables SASLDB authentication backend.
--with-dblib=gdbm
: This switch forces GDBM to be used instead of Berkeley DB.
--with-ldap
: This switch enables the OpenLDAP support.
--enable-ldapdb
: This switch enables the LDAPDB authentication backend. There is a circular dependency with this parameter. See http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl for a solution to this problem.
--enable-java
: This switch enables compiling of the Java support libraries.
--enable-login
: This option enables unsupported LOGIN authentication.
--enable-ntlm
: This option enables unsupported NTLM authentication.
install -v -m644 ...: These commands install documentation which is not installed by the make install command.
install -v -m700 -d /var/lib/sasl: This directory must exist when starting saslauthd or using the sasldb plugin. If you're not going to be running the daemon or using the plugins, you may omit the creation of this directory.
/etc/saslauthd.conf
(for saslauthd LDAP configuration) and /etc/sasl2/Appname.conf
(where "Appname" is the application defined name of the application)
See file:///usr/share/doc/cyrus-sasl-2.1.26/sysadmin.html for information on what to include in the application configuration files.
See file:///usr/share/doc/cyrus-sasl-2.1.26/LDAP_SASLAUTHD for configuring saslauthd with OpenLDAP.
See file:///usr/share/doc/cyrus-sasl-2.1.26/gssapi.html for configuring saslauthd with Kerberos.
If you need to run the saslauthd daemon at system startup, install the /etc/rc.d/init.d/saslauthd
init script included in the blfs-bootscripts-20140919 package using the following command:
make install-saslauthd
You'll need to modify /etc/sysconfig/saslauthd and replace the
parameter with your desired authentication mechanism. AUTHMECH
is used to list loadable SASL plugins and their properties. | |
is the SASL authentication server. | |
is used to list the users in the SASL password database | |
is used to set and delete a user's SASL password and mechanism specific secrets in the SASL password database | |
is a test utility for the SASL authentication server. | |
is a general purpose authentication library for server and client applications. |
Last updated on 2014-09-17 18:48:47 +0000
联系客服