[thirdparty/squid.git] / helpers / basic_auth / SASL / basic_sasl_auth.8

.if !'po4a'hide' .TH basic_sasl_auth 8
.
.SH NAME
.if !'po4a'hide' .B basic_sasl_auth
.if !'po4a'hide' \-
Basic Authentication using SASL (specifically the cyrus-sasl authentication method)
.PP
Version 1.0
.
.SH SYNOPSIS
.if !'po4a'hide' .B basic_sasl_auth
.
.SH DESCRIPTION
.B basic_sasl_auth
is an installed binary helper for Squid. SASL is configurable (somewhat like PAM).
Each service authenticating against SASL identifies itself with an application name.
Each application can be configured independently by the SASL administrator.
.
.SH CONFIGURATION
To configure the authentication method used the file 
.B basic_sasl_auth.conf
can be placed in the appropriate location, usually
.B /usr/lib/sasl.
.PP
The authentication database is defined by the 
.B pwcheck_method 
parameter.
Only the 
.B PLAIN 
authentication mechanism is used.
.PP
Examples:
.
.if !'po4a'hide' .B pwcheck_method:sasldb
use sasldb - the default if no conf file is installed.
.if !'po4a'hide' .B pwcheck_method:pam
 - use PAM authentication database
.if !'po4a'hide' .B pwcheck_method:passwd
 - use traditional 
.B /etc/passwd
.if !'po4a'hide' .B pwcheck_method:shadow
 - use slightly less traditional /etc/shadow
.PP
Others methods may be supported by your cyrus-sasl implementation -
consult your cyrus-sasl documentation for information.
.PP
Typically the authentication database (
.B /etc/sasldb
, 
.B /etc/shadow
, 
.B PAM
)
can not be accessed by a normal user. You should use setuid/setgid
and an appropriate user/group on the executable to allow the
authenticator to access the appropriate password database. If the
access to the database is not permitted then the authenticator
will typically fail with "-1, generic error".
.PP
.if !'po4a'hide' .RS
.if !'po4a'hide' .P
.if !'po4a'hide' .B chown root.mail basic_sasl_auth
.if !'po4a'hide' .br
.if !'po4a'hide' .B chmod ug+s basic_sasl_auth
.if !'po4a'hide' .RE
.PP
If the application name 
.B basic_sasl_auth
will also be used for the PAM service name if 
.B pwcheck_method:pam
is chosen. And example PAM configuration file 
.B basic_sasl_auth.pam
is also included.
.
.SH AUTHOR
This program was written by
.if !'po4a'hide' .I Ian Castle <ian.castle@coldcomfortfarm.net>
.PP
This manual was written by
.if !'po4a'hide' .I Ian Castle <ian.castle@coldcomfortfarm.net>
.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
.
.SH COPYRIGHT
This program and documentation is copyright to the authors named above.
.PP
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
.
.SH QUESTIONS
Questions on the usage of this program can be sent to the
.I Squid Users mailing list
.if !'po4a'hide' <squid-users@squid-cache.org>
.
.SH REPORTING BUGS
Bug reports need to be made in English.
See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
.PP
Report bugs or bug fixes using http://bugs.squid-cache.org/
.PP
Report serious security bugs to
.I Squid Bugs <squid-bugs@squid-cache.org>
.PP
Report ideas for new improvements to the
.I Squid Developers mailing list
.if !'po4a'hide' <squid-dev@squid-cache.org>
.
.SH SEE ALSO
.if !'po4a'hide' .BR squid "(8), "
.if !'po4a'hide' .BR SASL "(3), "
.if !'po4a'hide' .BR PAM "(7), "
.if !'po4a'hide' .BR passwd "(1), "
.if !'po4a'hide' .BR shadow "(5), "
.if !'po4a'hide' .BR chown "(1), "
.if !'po4a'hide' .BR chmod "(1), "
.br
The Squid FAQ wiki
.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
.br
The Squid Configuration Manual
.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
Commit	Line	Data
8baa29be AJ	1	.if !'po4a'hide' .TH basic_sasl_auth 8
8baa29be AJ	2	.
2cd86812	3	.SH NAME
8baa29be AJ	4	.if !'po4a'hide' .B basic_sasl_auth
	5	.if !'po4a'hide' \-
	6	Basic Authentication using SASL (specifically the cyrus-sasl authentication method)
2cd86812	7	.PP
8baa29be AJ	8	Version 1.0
	9	.
	10	.SH SYNOPSIS
	11	.if !'po4a'hide' .B basic_sasl_auth
	12	.
	13	.SH DESCRIPTION
	14	.B basic_sasl_auth
	15	is an installed binary helper for Squid. SASL is configurable (somewhat like PAM).
	16	Each service authenticating against SASL identifies itself with an application name.
	17	Each application can be configured independently by the SASL administrator.
	18	.
	19	.SH CONFIGURATION
	20	To configure the authentication method used the file
	21	.B basic_sasl_auth.conf
	22	can be placed in the appropriate location, usually
	23	.B /usr/lib/sasl.
	24	.PP
	25	The authentication database is defined by the
	26	.B pwcheck_method
	27	parameter.
	28	Only the
	29	.B PLAIN
	30	authentication mechanism is used.
	31	.PP
	32	Examples:
	33	.
	34	.if !'po4a'hide' .B pwcheck_method:sasldb
	35	use sasldb - the default if no conf file is installed.
	36	.if !'po4a'hide' .B pwcheck_method:pam
	37	- use PAM authentication database
	38	.if !'po4a'hide' .B pwcheck_method:passwd
	39	- use traditional
	40	.B /etc/passwd
	41	.if !'po4a'hide' .B pwcheck_method:shadow
	42	- use slightly less traditional /etc/shadow
	43	.PP
	44	Others methods may be supported by your cyrus-sasl implementation -
	45	consult your cyrus-sasl documentation for information.
	46	.PP
	47	Typically the authentication database (
	48	.B /etc/sasldb
	49	,
	50	.B /etc/shadow
	51	,
	52	.B PAM
	53	)
	54	can not be accessed by a normal user. You should use setuid/setgid
	55	and an appropriate user/group on the executable to allow the
	56	authenticator to access the appropriate password database. If the
	57	access to the database is not permitted then the authenticator
	58	will typically fail with "-1, generic error".
	59	.PP
	60	.if !'po4a'hide' .RS
	61	.if !'po4a'hide' .P
	62	.if !'po4a'hide' .B chown root.mail basic_sasl_auth
	63	.if !'po4a'hide' .br
	64	.if !'po4a'hide' .B chmod ug+s basic_sasl_auth
	65	.if !'po4a'hide' .RE
	66	.PP
	67	If the application name
	68	.B basic_sasl_auth
	69	will also be used for the PAM service name if
	70	.B pwcheck_method:pam
	71	is chosen. And example PAM configuration file
72	.B basic_sasl_auth.pam
73	is also included.
74	.
75	.SH AUTHOR
76	This program was written by
77	.if !'po4a'hide' .I Ian Castle <ian.castle@coldcomfortfarm.net>
78	.PP
79	This manual was written by
80	.if !'po4a'hide' .I Ian Castle <ian.castle@coldcomfortfarm.net>
2da9607e	81	.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
8baa29be AJ	82	.
	83	.SH COPYRIGHT
	84	This program and documentation is copyright to the authors named above.
	85	.PP
	86	Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
	87	.
	88	.SH QUESTIONS
	89	Questions on the usage of this program can be sent to the
	90	.I Squid Users mailing list
	91	.if !'po4a'hide' <squid-users@squid-cache.org>
	92	.
	93	.SH REPORTING BUGS
	94	Bug reports need to be made in English.
	95	See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
	96	.PP
	97	Report bugs or bug fixes using http://bugs.squid-cache.org/
	98	.PP
	99	Report serious security bugs to
	100	.I Squid Bugs <squid-bugs@squid-cache.org>
	101	.PP
	102	Report ideas for new improvements to the
	103	.I Squid Developers mailing list
	104	.if !'po4a'hide' <squid-dev@squid-cache.org>
	105	.
	106	.SH SEE ALSO
	107	.if !'po4a'hide' .BR squid "(8), "
	108	.if !'po4a'hide' .BR SASL "(3), "
	109	.if !'po4a'hide' .BR PAM "(7), "
	110	.if !'po4a'hide' .BR passwd "(1), "
	111	.if !'po4a'hide' .BR shadow "(5), "
	112	.if !'po4a'hide' .BR chown "(1), "
	113	.if !'po4a'hide' .BR chmod "(1), "
	114	.br
	115	The Squid FAQ wiki
	116	.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
	117	.br
	118	The Squid Configuration Manual
	119	.if !'po4a'hide' http://www.squid-cache.org/Doc/config/