SASL_APPNAME.CONF(5) File Formats and Configurations SASL_APPNAME.CONF(5)

NAME


sasl_appname.conf - SASL options and configuration file

SYNOPSIS


/etc/sasl/appname.conf


DESCRIPTION


The /etc/sasl/appname.conf file is a user-supplied configuration file
that supports user-set options for server applications.


You can modify the behavior of libsasl and its plug-ins for server
applications by specifying option values in the /etc/sasl/appname.conf
file, where appname is the application-defined name of the
application. For sendmail, the file would be
/etc/sasl/Sendmail.conf. See your application documentation for
information on the application name.


Options that you set in an appname.conf file do not override SASL
options specified by the application itself.


The format for each option setting is:

option_name:value.


You can comment lines in the file by using a leading #.


The SASL library supports the following options for server
applications:

auto_transition
When set to yes, plain users and login
plug-ins are automatically transitioned to
other mechanisms when they do a successful
plaintext authentication. The default value
for auto_transition is no.


auxprop_plugin
A space-separated list of names of auxiliary
property plug-ins to use. By default, SASL
will use or query all available auxiliary
property plug-ins.


canon_user_plugin
The name of the canonical user plug-in to
use. By default, the value of
canon_user_plugin is INTERNAL, to indicate
the use of built-in plug-ins.


log_level
An integer value for the desired level of
logging for a server, as defined in
<sasl.h>. This sets the log_level in the
sasl_server_params_t struct in
/usr/include/sasl/saslplug.h. The default
value for log_level is 1 to indicate
SASL_LOG_ERR.


mech_list
Whitespace-separated list of SASL mechanisms
to allow, for example, DIGEST-MD5 GSSAPI.
The mech_list option is used to restrict the
mechanisms to a subset of the installed
plug-ins. By default, SASL will use all
available mechanisms.


pw_check
Whitespace-separated list of mechanisms used
to verify passwords that are used by
sasl_checkpass(3SASL). The default value for
pw_check is auxprop.


reauth_timeout
This SASL option is used by the server
DIGEST-MD5 plug-in. The value of
reauth_timeout is the length of time (in
minutes) that authentication information
will be cached for a fast reauthorization. A
value of 0 will disable reauthorization. The
default value of reauth_timeout is 1440 (24
hours).


server_load_mech_list
A space-separated list of mechanisms to
load. If in the process of loading server
plug-ins no desired mechanisms are included
in the plug-in, the plug-in will be
unloaded. By default, SASL loads all server
plug-ins.


user_authid
If the value of user_authid is yes, then the
GSSAPI will acquire the client credentials
rather than use the default credentials when
it creates the GSS client security context.
The default value of user_authid is no,
whereby SASL uses the default client
Kerberos identity.
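
A checker for the option_name:value format and the options listed above, as an added example that is not part of the original manual page or of libsasl. The yes/no and integer checks follow the values this page documents; the tolerance for surrounding whitespace, the PLAIN and LOGIN mechanism names, and the sample file are assumptions.

```python
# Added example: parser for the option_name:value format, using only this page's options.
DEFAULTS = {  # documented defaults; None means "all available" per the page
    "auto_transition": "no", "auxprop_plugin": None, "canon_user_plugin": "INTERNAL",
    "log_level": "1", "mech_list": None, "pw_check": "auxprop",
    "reauth_timeout": "1440", "server_load_mech_list": None, "user_authid": "no",
}
YES_NO = {"auto_transition", "user_authid"}
INTEGER = {"log_level", "reauth_timeout"}
PLAINTEXT = {"PLAIN", "LOGIN"}  # assumption: mechanism names of the plain/login plug-ins

def parse(text):
    """Return (effective_options, findings) for the text of an appname.conf file."""
    options, findings = dict(DEFAULTS), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # assumption: surrounding whitespace is tolerated
        if not line or line.startswith("#"):  # blank line or leading-# comment
            continue
        name, sep, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if not sep or not name or not value:
            findings.append(f"line {lineno}: not in option_name:value form")
        elif name not in DEFAULTS:
            findings.append(f"line {lineno}: unknown option {name}")
        elif name in YES_NO and value not in ("yes", "no"):
            findings.append(f"line {lineno}: {name} expects yes or no")
        elif name in INTEGER and not value.isdigit():
            findings.append(f"line {lineno}: {name} expects an integer")
        else:
            options[name] = value
    return options, findings

def audit(options):
    """Flag mechanism exposure that follows from the effective mech_list."""
    if options["mech_list"] is None:
        return ["mech_list unset: all available mechanisms are allowed"]
    weak = sorted(PLAINTEXT & {m.upper() for m in options["mech_list"].split()})
    return ["mech_list allows plaintext mechanisms: " + " ".join(weak)] if weak else []

SAMPLE = """\
# constructed sample, not from the page
mech_list:GSSAPI DIGEST-MD5 PLAIN
log_level:verbose
reauth_timeout:0
mech-list:GSSAPI
"""

if __name__ == "__main__":
    opts, problems = parse(SAMPLE)
    print(opts, problems, audit(opts), sep="\n")
```

Rejected lines leave the documented default in place, so the returned options show what the server would run with if the bad line were ignored.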


ATTRIBUTES


See attributes(7) for descriptions of the following attributes:


+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving |
+--------------------+-----------------+

SEE ALSO


attributes(7)

May 21, 2022 SASL_APPNAME.CONF(5)
