Introduction to Cyrus SASL
The Cyrus SASL package contains a
Simple Authentication and Security Layer implementation, a method
for adding authentication support to connection-based protocols. To
use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating
protection of subsequent protocol interactions. If its use is
negotiated, a security layer is inserted between the protocol and
the connection.
Note
Development versions of BLFS may not build or run some packages
properly if LFS or dependencies have been updated since the most
recent stable versions of the books.
Package Information
Cyrus SASL Dependencies
Recommended
lmdb-0.9.31
Optional
Linux-PAM-1.6.1, MIT Kerberos
V5-1.21.3, MariaDB-11.4.3 or MySQL, OpenLDAP-2.6.8, PostgreSQL-17.0, sphinx-8.0.2, SQLite-3.46.1,
Berkeley
DB (deprecated), krb4,
Dmalloc, and
Pod::POM::View::Restructured
Installation of Cyrus SASL
Note
This package does not support parallel build.
First, fix a problem revealed by gcc-14:
sed '/saslint/a #include <time.h>' -i lib/saslutil.c &&
sed '/plugin_common/a #include <time.h>' -i plugins/cram.c
Install Cyrus SASL by running the
following commands:
./configure --prefix=/usr \
--sysconfdir=/etc \
--enable-auth-sasldb \
--with-dblib=lmdb \
--with-dbpath=/var/lib/sasl/sasldb2 \
--with-sphinx-build=no \
--with-saslauthd=/var/run/saslauthd &&
make -j1
This package does not come with a test suite. If you are planning
on using the GSSAPI authentication mechanism, test it after
installing the package using the sample server and client programs
which were built in the preceding step. Instructions for performing
the tests can be found at
https://www.linuxfromscratch.org/hints/downloads/files/cyrus-sasl.txt.
Now, as the root
user:
make install &&
install -v -dm755 /usr/share/doc/cyrus-sasl-2.1.28/html &&
install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-2.1.28 &&
install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-2.1.28/html &&
install -v -dm700 /var/lib/sasl
Command Explanations
--with-dbpath=/var/lib/sasl/sasldb2
:
This switch forces the sasldb database to be created in
/var/lib/sasl
instead of /etc
.
--with-saslauthd=/var/run/saslauthd
:
This switch forces saslauthd to use the FHS
compliant directory /var/run/saslauthd
for variable run-time data.
--enable-auth-sasldb
: This
switch enables SASLDB authentication backend.
--with-dblib=gdbm
: This switch forces
GDBM to be used instead of
LMDB.
--with-ldap
: This switch enables the
OpenLDAP support.
--enable-ldapdb
: This switch enables
the LDAPDB authentication backend.
--enable-login
: This option enables
unsupported LOGIN authentication.
--enable-ntlm
: This option enables
unsupported NTLM authentication.
install -v -m644 ...:
These commands install documentation which is not installed by the
make install command.
install -v -m700 -d
/var/lib/sasl: This directory must exist when
starting saslauthd or
using the sasldb plugin. If you're not going to be running the
daemon or using the plugins, you may omit the creation of this
directory.
Configuring Cyrus SASL
Config
Files
/etc/saslauthd.conf
(for
saslauthd LDAP
configuration) and /etc/sasl2/Appname.conf
(where "Appname" is the
application defined name of the application)
Systemd Unit
If you need to run the saslauthd daemon at system
startup, install the saslauthd.service
unit included in the
blfs-systemd-units-20240916 package
using the following command:
make install-saslauthd
Note
You'll need to modify /etc/default/saslauthd
and modify the
MECHANISM
parameter with your
desired authentication mechanism. The
default authentication mechanism is "shadow".
Contents
Installed Programs:
pluginviewer, saslauthd,
sasldblistusers2, saslpasswd2, and testsaslauthd
Installed Library:
libsasl2.so
Installed Directories:
/usr/include/sasl, /usr/lib/sasl2,
/usr/share/doc/cyrus-sasl-2.1.28 and /var/lib/sasl
Short Descriptions
pluginviewer
|
is used to list loadable SASL plugins and their
properties
|
saslauthd
|
is the SASL authentication server
|
sasldblistusers2
|
is used to list the users in the SASL password database
sasldb2
|
saslpasswd2
|
is used to set and delete a user's SASL password and
mechanism specific secrets in the SASL password database
sasldb2
|
testsaslauthd
|
is a test utility for the SASL authentication server
|
libsasl2.so
|
is a general purpose authentication library for server
and client applications
|