cyrus-sasl-2.1.27-1.mga7.i586.rpm

Pwcheck
=======

Auxprop
-------

Auxprop-hashed
--------------

Saslauthd
---------

**What is saslauthd?** saslauthd is a daemon which validates

``ldap_servers`` - ``ldap://localhost``

    Specify a space separated list of LDAP server URIs of the form **ldap[si]://[name[:port]]**. See the ``ldap.conf`` *URI* option for formatting details.

``ldap_bind_dn`` - none

    When simple authentication is desired, specify a distinguished name to use for a simple authenticated bind or a simple unauthenticated bind. Do not specify if an anonymous bind is desired. This option is ignored when the evaluated ``ldap_auth_method`` is ``fastbind``.

``ldap_bind_pw`` - none

    ``ldap_bind_pw`` is an alias for ``ldap_password``.

``ldap_password`` - none

    When simple authentication is desired, specify a password to perform an authenticated bind, or do not specify for an unauthenticated or anonymous bind. When SASL authentication is desired, specify a password to use where required by the underlying SASL mechanism. This option is ignored when the evaluated ``ldap_auth_method`` is ``fastbind``.

``ldap_version`` - 3

    Defaults to version *3*. If either ``ldap_use_sasl`` or ``ldap_start_tls`` is enabled, this option is ignored and the default value (version *3*) is used. Version *3* **is** compatible with anonymous binds, simple authenticated binds and simple unauthenticated binds. Version *2* should only be necessary where required by the server.

``ldap_search_base`` - none

    When ``ldap_auth_method`` is evaluated as *bind*, ``ldap_search_base`` will be used to search for the user's distinguished name. When ``ldap_auth_method`` is *custom*, ``ldap_search_base`` will be used to find the user's ``ldap_password_attr`` attribute. When ``ldap_auth_method`` is evaluated as *fastbind*, ``ldap_search_base`` is ignored. If ``ldap_search_base`` contains substitution tokens, they will be replaced as specified in the ``ldap_filter`` token expansion rules.

``ldap_filter`` - uid=%u

    When ``ldap_auth_method`` is evaluated as *bind*, ``ldap_filter`` will be used to search for the user's distinguished name. When ``ldap_auth_method`` is *custom*, ``ldap_filter`` will become, after token expansion, the user's distinguished name. When ``ldap_auth_method`` is evaluated as *fastbind*, ``ldap_filter`` is ignored.

    The following tokens, when contained within the ``ldap_filter`` option, will be substituted with the specified values:

    ``%%``

        is replaced with a literal %.

    ``%u``

        is replaced with the userid to be authenticated.

    ``%U``

        is replaced by the portion of the userid before the first @ character. If an @ character does not exist in the userid, then ``%U`` would function identically to ``%u``. For example, if the userid to be authenticated is *jsmith@example.org*, ``%u`` would be replaced by *jsmith@example.org* and ``%U`` would be replaced by *jsmith*.

    ``%d``

        is replaced by the portion of the userid after the first @ character. If an @ character does not exist in the userid, ``%d`` will be replaced by the ``realm`` value passed to ``saslauthd``. If no ``realm`` value was passed to saslauthd, ``%d`` will be replaced by the configured ``ldap_default_realm``, or by an empty string if ``ldap_default_realm`` is not configured.

    ``%1-9``

        Within a userid which contains an @ character, followed by a domain name, ``%1`` will be replaced by the top level domain, ``%2`` will be replaced by the secondary domain, ``%3`` will be replaced by the tertiary domain, up to and including ``%9`` which would be replaced by the ninth level domain. If no @ character exists in the userid, or if there is no domain name after the @ character, or if the specified hierarchical domain level does not exist, the option is replaced by the ``realm`` value passed to ``saslauthd``. Should no ``realm`` value exist in those scenarios, the option is replaced by the configured ``ldap_default_realm``, or by an empty string if ``ldap_default_realm`` has not been configured.

        For example, if the userid to be authenticated is *jsmith@example.org*, ``%1`` would be replaced by *org* and ``%2`` would be replaced by *example*.

    ``%s``

        is replaced by the ``service`` option passed to ``saslauthd``, or by an empty string if no ``service`` option was passed.

    ``%r``

        is replaced by the ``realm`` option passed to ``saslauthd``. If no ``realm`` value was passed to saslauthd, ``%r`` will be replaced by the configured ``ldap_default_realm``, or by an empty string if ``ldap_default_realm`` is not configured.
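
The token rules above can be checked against a candidate filter before it goes into the configuration. The following is an added example, not code from Cyrus SASL or from this page: ``expand_tokens`` and ``ldap_escape`` are hypothetical names, the RFC 4515 escaping of substituted values and the pass-through of unrecognized tokens are assumptions of the example, and the sample userids are constructed.

```python
import re

def ldap_escape(value):
    """Escape filter metacharacters per RFC 4515 (an assumption of this example)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_tokens(template, userid, service="", realm="", default_realm="",
                  escape=True):
    """Expand the ldap_filter tokens (%%, %u, %U, %d, %1-9, %s, %r) described above.

    escape=True suits search filters; DN-valued options such as
    ldap_search_base would need DN escaping instead, which is not shown here.
    """
    # Fallback order from the text: realm passed to saslauthd, then
    # ldap_default_realm, then the empty string.
    fallback = realm or default_realm
    local, at, domain = userid.partition("@")    # split at the first @
    labels = domain.split(".")[::-1] if domain else []   # labels[0] is the TLD

    values = {
        "u": userid,
        "U": local,                       # equals userid when there is no @
        "d": domain if at else fallback,
        "s": service,
        "r": fallback,
    }
    for level in range(1, 10):            # %1 = top level, %2 = secondary, ...
        label = labels[level - 1] if level <= len(labels) else ""
        values[str(level)] = label or fallback

    def substitute(match):
        token = match.group(1)
        if token == "%":
            return "%"
        if token not in values:           # assumption: unknown tokens are left as-is
            return match.group(0)
        return ldap_escape(values[token]) if escape else values[token]

    return re.sub(r"%(.)", substitute, template)

if __name__ == "__main__":
    # Constructed sample inputs.
    for uid in ("jsmith@example.org", "jsmith", "j*smith@example.org"):
        print(uid, "->", expand_tokens("(&(uid=%U)(dc=%2)(dc=%1))", uid,
                                       realm="example.net"))
```
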

``ldap_password_attr`` - userPassword

    When ``ldap_auth_method`` is evaluated as *custom*, ``ldap_password_attr`` specifies an attribute that will be requested and retrieved. If successfully retrieved, the authentication request will succeed if the ``ldap_password_attr`` attribute contains a supported password hash, and if the user submitted password matches the hash. When ``ldap_auth_method`` is *bind* or *fastbind*, ``ldap_password_attr`` is ignored.


``ldap_group_dn`` - none

    If ``ldap_group_dn`` is specified, group authorization must also succeed (in addition to the prior authentication step), for the user's authentication attempt to be successful. If ``ldap_group_dn`` contains substitution tokens, they will be replaced as specified in the ``ldap_filter`` token expansion rules. One additional token substitution is applicable to ``ldap_group_dn``:

    ``%D``

        is replaced by the distinguished name that was specified, or evaluated, in the authentication step. If ``ldap_use_sasl`` is enabled, the distinguished name will be resolved by performing an ldapwhoami extended operation after a successful authentication. If ``ldap_group_dn`` is specified and ``ldap_use_sasl`` is enabled, but the LDAP server does not support the ldapwhoami extended operation, or if the ldapwhoami extended operation fails, then the user's authentication attempt is unsuccessful.


``ldap_group_attr`` - uniqueMember

    ``ldap_group_attr`` is ignored unless ``ldap_group_dn`` is also specified and ``ldap_group_match_method`` is *attr*. ``ldap_group_attr`` specifies an attribute which contains the authenticating identity's distinguished name. See the ``ldap_group_match_method`` entry for additional details.

``ldap_group_filter`` - none

``ldap_group_search_base`` - defaults to the evaluated ``ldap_search_base``

``ldap_group_scope`` - *sub*

``ldap_group_match_method`` - attr

``ldap_default_realm`` - none

``ldap_default_domain`` - none

    ``ldap_default_domain`` is an alias for ``ldap_default_realm``.

``ldap_auth_method`` - bind

``ldap_timeout`` - 5

``ldap_size_limit`` - 1

``ldap_time_limit`` - 5

``ldap_deref`` - never

``ldap_referrals`` - no

``ldap_restart`` - yes

``ldap_scope`` - sub

``ldap_use_sasl`` - no

``ldap_id`` - none

``ldap_sasl_authc_id`` - none

``ldap_authz_id`` - none

    It does not make any sense to supply an authz identity when performing SASL/fastbind.

``ldap_sasl_authz_id`` - none

    ``ldap_sasl_authz_id`` is an alias for ``ldap_authz_id``.

``ldap_realm`` - none

``ldap_sasl_realm`` - 

``ldap_mech`` - 

    It doesn't make any sense to use a mech that does not require an authname and password, when using fastbind.

``ldap_sasl_mech`` - 

``ldap_sasl_secprops`` - 

``ldap_start_tls`` - 

``ldap_tls_check_peer`` - 

``ldap_tls_cacert_file`` - 

``ldap_tls_cacert_dir`` - 

``ldap_tls_ciphers`` - 

``ldap_tls_cert`` - 

``ldap_tls_key`` - 

``ldap_debug`` - 

Authdaemon
----------

Alwaystrue
----------

Auto Transition
---------------