Cyrus SASL-2.1.26

Cyrus SASL の概要

Cyrus SASL パッケージはシンプルな認証層 (Authentication Layer) およびセキュリティ層 (Security Layer) を提供するものです。 接続を前提とするプロトコルに対しての認証機能のサポートを実現します。 SASL を利用すれば、 To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.

本パッケージは LFS-8.1 において正しくビルドでき動作することが確認されています。

パッケージ情報

追加のダウンロード

Cyrus SASL の依存パッケージ

必須

OpenSSL-1.1.0f

推奨

任意

Linux-PAM-1.3.0, MIT Kerberos V5-1.15.1, MariaDB-10.2.7 または MySQL, OpenJDK-1.8.0.141, OpenLDAP-2.4.45, PostgreSQL-9.6.4, SQLite-3.20.0, krb4, Dmalloc

ユーザー情報: http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl

Cyrus SASL のインストール

Install Cyrus SASL by running the following commands:

patch -Np1 -i ../cyrus-sasl-2.1.26-fixes-3.patch &&
patch -Np1 -i ../cyrus-sasl-2.1.26-openssl-1.1.0-1.patch &&
autoreconf -fi &&

./configure --prefix=/usr        \
            --sysconfdir=/etc    \
            --enable-auth-sasldb \
            --with-dbpath=/var/lib/sasl/sasldb2 \
            --with-saslauthd=/var/run/saslauthd &&
make

This package does not come with a test suite. If you are planning on using the GSSAPI authentication mechanism, it is recommended to test it after installing the package using the sample server and client programs which were built in the preceding step. Instructions for performing the tests can be found at http://www.linuxfromscratch.org/hints/downloads/files/cyrus-sasl.txt.

Now, as the root user:

make install &&
install -v -dm755 /usr/share/doc/cyrus-sasl-2.1.26 &&
install -v -m644  doc/{*.{html,txt,fig},ONEWS,TODO} \
    saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-2.1.26 &&
install -v -dm700 /var/lib/sasl

コマンド説明

--with-dbpath=/var/lib/sasl/sasldb2: This switch forces the sasldb database to be created in /var/lib/sasl instead of /etc.

--with-saslauthd=/var/run/saslauthd: This switch forces saslauthd to use the FHS compliant directory /var/run/saslauthd for variable run-time data.

--enable-auth-sasldb: This switch enables SASLDB authentication backend.

--with-dblib=gdbm: This switch forces GDBM to be used instead of Berkeley DB.

--with-ldap: This switch enables the OpenLDAP support.

--enable-ldapdb: This switch enables the LDAPDB authentication backend. There is a circular dependency with this parameter. See http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl for a solution to this problem.

--enable-java: This switch enables compiling of the Java support libraries.

--enable-login: This option enables unsupported LOGIN authentication.

--enable-ntlm: This option enables unsupported NTLM authentication.

install -v -m644 ...: These commands install documentation which is not installed by the make install command.

install -v -m700 -d /var/lib/sasl: This directory must exist when starting saslauthd or using the sasldb plugin. If you're not going to be running the daemon or using the plugins, you may omit the creation of this directory.

Cyrus SASL の設定

設定ファイル

/etc/saslauthd.conf (for saslauthd LDAP configuration) and /etc/sasl2/Appname.conf (where "Appname" is the application defined name of the application)

設定情報

See file:///usr/share/doc/cyrus-sasl-2.1.26/sysadmin.html for information on what to include in the application configuration files.

See file:///usr/share/doc/cyrus-sasl-2.1.26/LDAP_SASLAUTHD for configuring saslauthd with OpenLDAP.

See file:///usr/share/doc/cyrus-sasl-2.1.26/gssapi.html for configuring saslauthd with Kerberos.

Systemd Unit

If you need to run the saslauthd daemon at system startup, install the saslauthd.service unit included in the blfs-systemd-units-20160602 package using the following command:

make install-saslauthd
[注記]

注記

You'll need to modify /etc/default/saslauthd and modify the MECHANISM parameter with your desired authentication mechanism.

パッケージ構成

インストールプログラム: pluginviewer, saslauthd, sasldblistusers2, saslpasswd2, testsaslauthd
インストールライブラリ: libsasl2.so
インストールディレクトリ: /usr/include/sasl, /usr/lib/sasl2, /usr/share/doc/cyrus-sasl-2.1.26, /var/lib/sasl

概略説明

pluginviewer

is used to list loadable SASL plugins and their properties.

saslauthd

is the SASL authentication server.

sasldblistusers2

is used to list the users in the SASL password database sasldb2.

saslpasswd2

is used to set and delete a user's SASL password and mechanism specific secrets in the SASL password database sasldb2.

testsaslauthd

is a test utility for the SASL authentication server.

libsasl2.so

is a general purpose authentication library for server and client applications.

最終更新日: 2017-08-21 12:24:54 +0900