sasl_appname.conf(4)

Skip to ContentSun and Oracle Channel Sun How to Buy Log In

man pages section 4: File Formats

View this book in:

Other Languages
日本語

Contained Within

Solaris 10 Reference Manual Collection

Find More Documentation

Featured Support Resources

Download this book in PDF (3065 KB)

Name | Synopsis | Description | Attributes | See Also

Name

sasl_appname.conf– SASL options and configuration file

Synopsis

/etc/sasl/appname.conf

Description

The /etc/sasl/appname.conf file is a user-supplied configuration file that supports user set options for server applications.

You can modify the behavior of libsasl and its plug-ins for server applications by specifying option values in /etc/sasl/appname.conf file, where appname is the application defined name of the application. For sendmail, the file would be /etc/sasl/Sendmail.conf. See your application documentation for information on the application name.

Options that you set in a appname.conf file do not override SASL options specified by the application itself.

The format for each option setting is:

option_name:value.

You can comment lines in the file by using a leading #.

The SASL library supports the following options for server applications:

auto_transition: When set to yes, plain users and login plug-ins are automatically transitioned to other mechanisms when they do a successful plaintext authentication. The default value for auto_transition is no.
auxprop_plugin: A space-separated list of names of auxiliary property plug-ins to use. By default, SASL will use or query all available auxiliary property plug-ins.
canon_user_plugin: The name of the canonical user plug-in to use. By default, the value of canon_user_plugin is INTERNAL, to indicated the use of built-in plug-ins..
log_level: An integer value for the desired level of logging for a server, as defined in <sasl.h>. This sets the log_level in the sasl_server_params_t struct in /usr/include/sasl/saslplug.h. The default value for log_level is 1 to indicate SASL_LOG_ERR.
mech_list: Whitespace separated list of SASL mechanisms to allow, for example, DIGEST-MD5 GSSAPI. The mech_list option is used to restrict the mechanisms to a subset of the installed plug-ins. By default, SASL will use all available mechanisms.
pw_check: Whitespace separated list of mechanisms used to verify passwords that are used by sasl_checkpass(3SASL). The default value for pw_check is auxprop.
reauth_timeout: This SASL option is used by the server DIGEST-MD5 plug-in. The value of reauth_timeout is the length in time (in minutes) that authentication information will be cached for a fast reauthorization. A value of 0 will disable reauthorization. The default value of reauth_timeout is 1440 (24 hours).
server_load_mech_list: A space separated list of mechanisms to load. If in the process of loading server plug-ns no desired mechanisms are included in the plug-in, the plug-in will be unloaded. By default, SASL loads all server plug-ins.
user_authid: If the value of user_authid is yes, then the GSSAPI will acquire the client credentials rather than use the default credentials when it creates the GSS client security context. The default value of user_authid is no, whereby SASL uses the default client Kerberos identity.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Interface Stability	Evolving