
cyrus-sasl-2.1.12-1mdk.i586.rpm

<HTML><HEAD>
<title>Options for Cyrus SASL</title>
<!-- $Id: options.html,v 1.13 2002/12/09 22:20:05 rjs3 Exp $ -->
</HEAD>
<BODY>
<h1>Options for Cyrus SASL</h1>

<p>This document contains information on what options are used by the
Cyrus SASL library and bundled mechanisms:</p>

<TABLE BORDER WIDTH=95%>
<TR><TH>Option</TH><TH>Used By</TH><TH>Description</TH><TH>Default</TH></TR>
<TR>
<TD>auto_transition</TD><TD>SASL Library</TD> 
<TD>When set to 'yes'
and when using the sasldb auxprop plugin, automatically transition
users to other mechs when they do a successful plaintext
authentication</TD><TD>no</TD>
</TR>
<TR>
<TD>auxprop_plugin</TD><TD>Auxiliary Property Plugin</TD>
<TD>Name of the auxiliary property plugin to use. You may specify a
space-separated list of plugin names, and the plugins will be queried in order</TD>
<TD>(null) - queries all plugins</TD>
</TR>
<TR>
<TD>canon_user_plugin</TD><TD>SASL Library</TD>
<TD>Name of canon_user plugin to use</TD><TD>INTERNAL</TD>
</TR>
<TR>
<TD>keytab</TD><TD>GSSAPI</TD> <TD>Location of keytab
file</TD><TD><tt>/etc/krb5.keytab</tt> (system dependent)</TD>
</TR>
<TR>
<TD>mech_list</TD><TD>SASL Library</TD>
<TD>Whitespace separated list of mechanisms to allow (e.g. 'plain
otp').  Used to restrict the mechanisms to a subset of the installed
plugins.</TD><TD>all available</TD>
</TR>
<TR>
<TD>opiekeys</TD><TD>OTP (with OPIE)</TD>
<TD>Location of the opiekeys file</TD><TD><tt>/etc/opiekeys</tt></TD>
</TR>
<TR>
<TD>otp_mda</TD><TD>OTP (w/o OPIE)</TD>
<TD>Message digest algorithm for one-time passwords, used by sasl_setpass
(possible values: 'md4', 'md5', 'sha1')</TD><TD><tt>md5</tt></TD>
</TR>
<TR>
<TD>plugin_list</TD><TD>SASL Library</TD>
<TD>Location of Plugin list (Unsupported)</TD><TD><i>none</i></TD>
</TR>
<TR>
<TD>pwcheck_method</TD><TD>SASL Library</TD>
<TD>Whitespace separated list of mechanisms used to verify passwords,
used by sasl_checkpass (possible values: 'auxprop', 'pwcheck',
'saslauthd', 'alwaystrue')</TD><TD>auxprop</TD>
</TR>
<TR>
<TD>reauth_timeout</TD><TD>DIGEST-MD5</TD>
<TD>Length of time (in minutes) that authentication info will be
cached for a fast reauth.  A value of 0 will disable reauth.</TD>
<TD>0</TD>
</TR>
<TR>
<TD>saslauthd_path</TD><TD>SASL Library</TD>
<TD>Path to saslauthd run directory (<b>including</b> the "/mux" named pipe)</TD>
<TD>system dependent</TD>
</TR>
<TR>
<TD>sasldb_path</TD><TD>sasldb plugin</TD>
<TD>Path to sasldb file</TD><TD><tt>/etc/sasldb2</tt> (system dependent)</TD>
</TR>
<TR>
<TD>srp_mda</TD><TD>SRP</TD>
<TD>Message digest algorithm for SRP calculations
(possible values: 'md5', 'sha1', 'rmd160')</TD><TD><tt>sha1</tt></TD>
</TR>
<TR>
<TD>srvtab</TD><TD>KERBEROS_V4</TD>
<TD>Location of the srvtab file</TD><TD><tt>/etc/srvtab</tt> (system
dependent)</TD>
</TR>
</TABLE>

<h2>MySQL auxprop options</h2>

<DL compact>
<DT>mysql_user <DD>username to log in as on the MySQL server
<DT>mysql_passwd <DD>password to use
<DT>mysql_hostnames <DD>comma-separated host list
<DT>mysql_database <DD>database to connect to
<DT>mysql_statement <DD>select statement to use
<DT>mysql_verbose <DD>if set, the plugin will print the select statement
to syslog
</DL>

<p>The select statement used in the option <tt>mysql_statement</tt> is
parsed for 3 placeholders: <tt>%u</tt>, <tt>%r</tt>, and <tt>%p</tt>.
They are replaced with the username, realm, and property requested,
respectively. For example:

<pre>
    mysql_statement: select %p from user_table where username = '%u' and realm = '%r'
</pre>

   would send the following statement to MySQL for user "bovik" and
   the default realm for the machine "madoka.surf.org.uk":

<pre>
     select userPassword from user_table where username = 'bovik' and realm = 'madoka.surf.org.uk'
</pre>

<font color=red>DO NOT put quotes around the statement itself, but do put
them around the arguments %r, %u, etc.</font>

<DL compact>
<DT><tt>%u</tt> <DD>the username the user logged in as

<DT><tt>%p</tt> <DD>the property requested. This could technically be
     anything, but SASL authentication will try userPassword and
     cmusaslsecretMECHNAME (where MECHNAME is the name of a
     mechanism).

<DT><tt>%r</tt> <DD>the realm, which could be the Kerberos realm, the
     FQDN of the computer the SASL app is on, or whatever is after the
     @ on a username.  (read the realm documentation)
</DL>

<p>Not all substitutions have to be used. For instance,
"<tt>select password from auth where username = '%u'</tt>" is a
valid value for "<tt>mysql_statement</tt>".
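
<p>As an added example (not part of the Cyrus SASL documentation or source),
the Python sketch below checks a <tt>mysql_statement</tt> value against the
quoting rule above and performs the <tt>%u</tt>/<tt>%r</tt>/<tt>%p</tt>
substitution on the page's own example. The function names, the simplified
<tt>sql_escape</tt> helper and the character set allowed for <tt>%p</tt> are
assumptions of this example, not the plugin's behaviour.</p>

```python
import re

PLACEHOLDER = re.compile(r"%([urp])")  # %u user, %r realm, %p property

def lint_statement(stmt):
    """Return the quoting problems found in a mysql_statement value."""
    problems = []
    s = stmt.strip()
    if len(s) >= 2 and s[0] in "'\"" and s[-1] == s[0]:
        problems.append("statement itself is wrapped in quotes")
        s = s[1:-1]  # keep checking the statement inside the wrapper
    in_quote = False
    for i, ch in enumerate(s):
        if ch == "'":
            in_quote = not in_quote
        elif ch == "%" and s[i + 1:i + 2] in ("u", "r") and not in_quote:
            problems.append(f"%{s[i + 1]} is not inside single quotes")
    if in_quote:
        problems.append("unbalanced single quote")
    return problems

def sql_escape(value):
    # Simplified stand-in (assumption) for the MySQL client library's escaping.
    return value.replace("\\", "\\\\").replace("'", "\\'")

def expand(stmt, user, realm, prop):
    """Fill in %u, %r and %p; refuses statements that fail the lint."""
    problems = lint_statement(stmt)
    if problems:
        raise ValueError("; ".join(problems))
    # %p lands outside quotes (as a column name), so allow only name characters.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", prop):
        raise ValueError("property name contains unexpected characters")
    values = {"u": sql_escape(user), "r": sql_escape(realm), "p": prop}
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], stmt)

# The statement and values from the page's own example.
PAGE_STATEMENT = ("select %p from user_table "
                  "where username = '%u' and realm = '%r'")

if __name__ == "__main__":
    print(expand(PAGE_STATEMENT, "bovik", "madoka.surf.org.uk", "userPassword"))
    print(lint_statement("select %p from user_table where username = %u"))
```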

<hr>
Back to the <A href=index.html>index</a>

</body>
</html>