SASL_APPNAME.CONF(5) Standards, Environments, and Macros SASL_APPNAME.CONF(5)
NAME
sasl_appname.conf - SASL options and configuration file
SYNOPSIS
/etc/sasl/
appname.confDESCRIPTION
The
/etc/sasl/appname.conf file is a user-supplied configuration file
that supports user set options for server applications.
You can modify the behavior of
libsasl and its plug-ins for server
applications by specifying option values in
/etc/sasl/appname.conf file,
where
appname is the application defined name of the application. For
sendmail, the file would be
/etc/sasl/Sendmail.conf. See your application
documentation for information on the application name.
Options that you set in a
appname.conf file do not override SASL options
specified by the application itself.
The format for each option setting is:
option_name:value.
You can comment lines in the file by using a leading #.
The SASL library supports the following options for server applications:
auto_transition When set to
yes, plain users and login plug-ins
are automatically transitioned to other
mechanisms when they do a successful plaintext
authentication. The default value for
auto_transition is
no.
auxprop_plugin A space-separated list of names of auxiliary
property plug-ins to use. By default, SASL will
use or query all available auxiliary property
plug-ins.
canon_user_plugin The name of the canonical user plug-in to use.
By default, the value of
canon_user_plugin is
INTERNAL, to indicated the use of built-in plug-
ins..
log_level An integer value for the desired level of
logging for a server, as defined in <
sasl.h>.
This sets the
log_level in the
sasl_server_params_t struct in
/usr/include/sasl/saslplug.h. The default value
for
log_level is
1 to indicate
SASL_LOG_ERR.
mech_list Whitespace separated list of SASL mechanisms to
allow, for example,
DIGEST-MD5 GSSAPI. The
mech_list option is used to restrict the
mechanisms to a subset of the installed plug-
ins. By default, SASL will use all available
mechanisms.
pw_check Whitespace separated list of mechanisms used to
verify passwords that are used by
sasl_checkpass(3SASL). The default value for
pw_check is
auxprop.
reauth_timeout This SASL option is used by the server DIGEST-
MD5 plug-in. The value of
reauth_timeout is the
length in time (in minutes) that authentication
information will be cached for a fast
reauthorization. A value of 0 will disable
reauthorization. The default value of
reauth_timeout is 1440 (24 hours).
server_load_mech_list A space separated list of mechanisms to load. If
in the process of loading server plug-ns no
desired mechanisms are included in the plug-in,
the plug-in will be unloaded. By default, SASL
loads all server plug-ins.
user_authid If the value of
user_authid is
yes, then the
GSSAPI will acquire the client credentials
rather than use the default credentials when it
creates the GSS client security context. The
default value of
user_authid is
no, whereby SASL
uses the default client Kerberos identity.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving |
+--------------------+-----------------+
SEE ALSO
attributes(7) October 14, 2003
SASL_APPNAME.CONF(5)