Introduction to Cyrus SASL
The Cyrus SASL package contains a Simple
Authentication and Security Layer implementation, a method for adding
authentication support to connection-based protocols. To use SASL, a
protocol includes a command for identifying and authenticating a user to
a server and for optionally negotiating protection of subsequent protocol
interactions. If its use is negotiated, a security layer is inserted
between the protocol and the connection.
This package is known to build and work properly
using an LFS 12.4 platform.
Package Information
Additional Downloads
Cyrus SASL Dependencies
Recommended
lmdb-0.9.33
Optional
Linux-PAM-1.7.1,
"mitkrb",
"mariadb" or MySQL,
OpenLDAP-2.6.10,
"postgresql",
"sphinx" (needed for regenerating the documentation),
krb4,
Dmalloc, and
Pod::POM::View::Restructured (needed for regenerating the documentation)
Installation of Cyrus SASL
Note
This package does not support parallel build.
First, fix the package to be compatible with gcc-15:
patch -Np1 -i ../cyrus-sasl-2.1.28-gcc15_fixes-1.patch
autoreconf -fiv
Also, fix a problem revealed by gcc-14 and later:
sed '/saslint/a #include <time.h>' -i lib/saslutil.c
sed '/plugin_common/a #include <time.h>' -i plugins/cram.c
Install Cyrus SASL by
running the following commands:
./configure --prefix=/usr \
--sysconfdir=/etc \
--enable-auth-sasldb \
--with-dblib=lmdb \
--with-dbpath=/var/lib/sasl/sasldb2 \
--with-sphinx-build=no \
--with-saslauthd=/var/run/saslauthd
Now build Cyrus SASL:
make -j1
This package does not come with a test suite. If you are planning
on using the GSSAPI authentication mechanism, test
it after installing the package using the sample server and client
programs which were built in the preceding step. Instructions for
performing the tests can be found at
https://www.linuxfromscratch.org/hints/downloads/files/cyrus-sasl.txt.
Now, as the root user, install the package:
make install
install -v -dm755 /usr/share/doc/cyrus-sasl-2.1.28/html
install -v -m644 saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-2.1.28
install -v -m644 doc/legacy/*.html /usr/share/doc/cyrus-sasl-2.1.28/html
install -v -dm700 /var/lib/sasl
Command Explanations
--with-dbpath=/var/lib/sasl/sasldb2: This
switch forces the sasldb database to be created
in /var/lib/sasl instead of
/etc.
--with-saslauthd=/var/run/saslauthd: This
switch forces saslauthd to use the FHS compliant
directory /var/run/saslauthd
for variable run-time data.
--enable-auth-sasldb: This switch enables the
SASLDB authentication backend.
--with-dblib=gdbm: This switch forces
GDBM to be used instead of
LMDB.
--with-ldap: This switch enables the
OpenLDAP support.
--enable-ldapdb: This switch enables the
LDAPDB authentication backend.
--enable-login: This option enables unsupported
LOGIN authentication.
--enable-ntlm: This option enables unsupported
NTLM authentication.
install -v -m644 ...: These commands
install documentation which is not installed by the
make install command.
install -v -m700 -d /var/lib/sasl: This directory
must exist when starting saslauthd or using the
sasldb plugin. If you're not going to be running the daemon or
using the plugins, you may omit the creation of this directory.
Configuring Cyrus SASL
Config Files
/etc/saslauthd.conf
(for saslauthd LDAP configuration) and
/etc/sasl2/Appname.conf
(where "Appname" is the application defined name of the application)
Systemd Unit
If you need to run the saslauthd daemon at system
startup, install the saslauthd.service unit
included in the "blfs-systemd-units"
package using the following command:
make install-saslauthd
Note
You'll need to edit
/etc/default/saslauthd
and set the MECHANISM
parameter to your desired authentication mechanism.
The default authentication
mechanism is "shadow".
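A post-install audit of the paths and options used above, as an added example that is not part of the BLFS page or the Cyrus SASL package. The function names and the ROOT prefix argument are hypothetical, the MECHANISM=value line format is assumed, and the plugin file names liblogin.so* and libntlm.so* are assumed from the usual Cyrus SASL plugin naming.

```shell
#!/bin/sh
# Added example: post-install audit of the paths and options this page uses.
# ROOT is a hypothetical prefix argument so the checks can run against a
# staged tree (for example a DESTDIR); pass "" to audit the live system.

# /var/lib/sasl must exist with mode 700, as created by `install -v -dm700`.
check_sasl_dir() {
    dir="$1/var/lib/sasl"
    [ -d "$dir" ] || { echo "FAIL: $dir is missing"; return 1; }
    # find -prune -perm 700 prints the directory only on an exact mode match.
    [ -n "$(find "$dir" -prune -perm 700)" ] ||
        { echo "FAIL: $dir is not mode 700"; return 1; }
    echo "ok: $dir is mode 700"
}

# Print the MECHANISM value from /etc/default/saslauthd, or return 1 if unset.
# Assumes a shell-style MECHANISM=value line; the last assignment wins.
saslauthd_mechanism() {
    conf="$1/etc/default/saslauthd"
    [ -r "$conf" ] || return 1
    mech=$(sed -n 's/^[[:space:]]*MECHANISM=//p' "$conf" | tail -n 1 | tr -d "\"'")
    [ -n "$mech" ] && echo "$mech"
}

# List LOGIN/NTLM plugins found in /usr/lib/sasl2. They are only built with
# --enable-login / --enable-ntlm, which this page calls unsupported.
unsupported_plugins() {
    for p in "$1"/usr/lib/sasl2/liblogin.so* "$1"/usr/lib/sasl2/libntlm.so*; do
        [ -e "$p" ] && echo "${p##*/}"
    done
    return 0
}

# Run all checks; only a FAIL changes the exit status, a WARN is informational.
audit_sasl() {
    rc=0
    check_sasl_dir "$1" || rc=1
    if mech=$(saslauthd_mechanism "$1"); then
        echo "info: saslauthd MECHANISM=$mech"
    else
        echo "info: no MECHANISM set in $1/etc/default/saslauthd"
    fi
    found=$(unsupported_plugins "$1")
    [ -z "$found" ] || { echo "WARN: unsupported mechanism plugins:"; echo "$found"; }
    return $rc
}

# Run only when asked to: sh sasl-audit.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then audit_sasl "${2:-}"; fi
```

Run it as root with `--run` and no ROOT argument to audit the installed system, since /var/lib/sasl is not readable by other users.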
Contents
Installed Programs:
pluginviewer,
saslauthd,
sasldblistusers2,
saslpasswd2, and
testsaslauthd
Installed Library:
libsasl2.so
Installed Directories:
/usr/include/sasl,
/usr/lib/sasl2,
/usr/share/doc/cyrus-sasl-2.1.28 and
/var/lib/sasl
Short Descriptions
pluginviewer: is used to list loadable SASL plugins and their properties
saslauthd: is the SASL authentication server
sasldblistusers2: is used to list the users in the SASL password database sasldb2
saslpasswd2: is used to set and delete a user's SASL password and mechanism specific secrets in the SASL password database sasldb2
testsaslauthd: is a test utility for the SASL authentication server
libsasl2.so: is a general purpose authentication library for server and client applications