]>
Commit | Line | Data |
---|---|---|
8baa29be AJ |
1 | .if !'po4a'hide' .TH basic_sasl_auth 8 |
2 | . | |
2cd86812 | 3 | .SH NAME |
8baa29be AJ |
4 | .if !'po4a'hide' .B basic_sasl_auth |
5 | .if !'po4a'hide' \- | |
6 | Basic Authentication using SASL (specifically the cyrus-sasl authentication method) | |
2cd86812 | 7 | .PP |
8baa29be AJ |
8 | Version 1.0 |
9 | . | |
10 | .SH SYNOPSIS | |
11 | .if !'po4a'hide' .B basic_sasl_auth | |
12 | . | |
13 | .SH DESCRIPTION | |
14 | .B basic_sasl_auth | |
15 | is an installed binary helper for Squid. SASL is configurable (somewhat like PAM). | |
16 | Each service authenticating against SASL identifies itself with an application name. | |
17 | Each application can be configured independently by the SASL administrator. | |
18 | . | |
19 | .SH CONFIGURATION | |
20 | To configure the authentication method used the file | |
21 | .B basic_sasl_auth.conf | |
22 | can be placed in the appropriate location, usually | |
23 | .B /usr/lib/sasl. | |
24 | .PP | |
25 | The authentication database is defined by the | |
26 | .B pwcheck_method | |
27 | parameter. | |
28 | Only the | |
29 | .B PLAIN | |
30 | authentication mechanism is used. | |
31 | .PP | |
32 | Examples: | |
33 | . | |
34 | .if !'po4a'hide' .B pwcheck_method:sasldb | |
35 | use sasldb - the default if no conf file is installed. | |
36 | .if !'po4a'hide' .B pwcheck_method:pam | |
37 | - use PAM authentication database | |
38 | .if !'po4a'hide' .B pwcheck_method:passwd | |
39 | - use traditional | |
40 | .B /etc/passwd | |
41 | .if !'po4a'hide' .B pwcheck_method:shadow | |
42 | - use slightly less traditional /etc/shadow | |
43 | .PP | |
44 | Others methods may be supported by your cyrus-sasl implementation - | |
45 | consult your cyrus-sasl documentation for information. | |
46 | .PP | |
47 | Typically the authentication database ( | |
48 | .B /etc/sasldb | |
49 | , | |
50 | .B /etc/shadow | |
51 | , | |
52 | .B PAM | |
53 | ) | |
54 | can not be accessed by a normal user. You should use setuid/setgid | |
55 | and an appropriate user/group on the executable to allow the | |
56 | authenticator to access the appropriate password database. If the | |
57 | access to the database is not permitted then the authenticator | |
58 | will typically fail with "-1, generic error". | |
59 | .PP | |
60 | .if !'po4a'hide' .RS | |
61 | .if !'po4a'hide' .P | |
62 | .if !'po4a'hide' .B chown root.mail basic_sasl_auth | |
63 | .if !'po4a'hide' .br | |
64 | .if !'po4a'hide' .B chmod ug+s basic_sasl_auth | |
65 | .if !'po4a'hide' .RE | |
66 | .PP | |
67 | If the application name | |
68 | .B basic_sasl_auth | |
69 | will also be used for the PAM service name if | |
70 | .B pwcheck_method:pam | |
71 | is chosen. And example PAM configuration file | |
72 | .B basic_sasl_auth.pam | |
73 | is also included. | |
74 | . | |
75 | .SH AUTHOR | |
76 | This program was written by | |
77 | .if !'po4a'hide' .I Ian Castle <ian.castle@coldcomfortfarm.net> | |
78 | .PP | |
79 | This manual was written by | |
80 | .if !'po4a'hide' .I Ian Castle <ian.castle@coldcomfortfarm.net> | |
2da9607e | 81 | .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org> |
8baa29be AJ |
82 | . |
83 | .SH COPYRIGHT | |
84 | This program and documentation is copyright to the authors named above. | |
85 | .PP | |
86 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). | |
87 | . | |
88 | .SH QUESTIONS | |
89 | Questions on the usage of this program can be sent to the | |
90 | .I Squid Users mailing list | |
91 | .if !'po4a'hide' <squid-users@squid-cache.org> | |
92 | . | |
93 | .SH REPORTING BUGS | |
94 | Bug reports need to be made in English. | |
95 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
96 | .PP | |
97 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
98 | .PP | |
99 | Report serious security bugs to | |
100 | .I Squid Bugs <squid-bugs@squid-cache.org> | |
101 | .PP | |
102 | Report ideas for new improvements to the | |
103 | .I Squid Developers mailing list | |
104 | .if !'po4a'hide' <squid-dev@squid-cache.org> | |
105 | . | |
106 | .SH SEE ALSO | |
107 | .if !'po4a'hide' .BR squid "(8), " | |
108 | .if !'po4a'hide' .BR SASL "(3), " | |
109 | .if !'po4a'hide' .BR PAM "(7), " | |
110 | .if !'po4a'hide' .BR passwd "(1), " | |
111 | .if !'po4a'hide' .BR shadow "(5), " | |
112 | .if !'po4a'hide' .BR chown "(1), " | |
113 | .if !'po4a'hide' .BR chmod "(1), " | |
114 | .br | |
115 | The Squid FAQ wiki | |
116 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
117 | .br | |
118 | The Squid Configuration Manual | |
119 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |