1sasl_appname.conf(4) File Formats sasl_appname.conf(4)
2
3
4
6 sasl_appname.conf - SASL options and configuration file
7
9 /etc/sasl/appname.conf
10
11
13 The /etc/sasl/appname.conf file is a user-supplied configuration file
14 that supports user set options for server applications.
15
16
17 You can modify the behavior of libsasl and its plug-ins for server
18 applications by specifying option values in /etc/sasl/appname.conf
19 file, where appname is the application defined name of the application.
20 For sendmail, the file would be /etc/sasl/Sendmail.conf. See your
21 application documentation for information on the application name.
22
23
24 Options that you set in a appname.conf file do not override SASL
25 options specified by the application itself.
26
27
28 The format for each option setting is:
29
30 option_name:value.
31
32
33
34 You can comment lines in the file by using a leading #.
35
36
37 The SASL library supports the following options for server applica‐
38 tions:
39
40 auto_transition When set to yes, plain users and login plug-
41 ins are automatically transitioned to other
42 mechanisms when they do a successful plaintext
43 authentication. The default value for
44 auto_transition is no.
45
46
47 auxprop_plugin A space-separated list of names of auxiliary
48 property plug-ins to use. By default, SASL
49 will use or query all available auxiliary
50 property plug-ins.
51
52
53 canon_user_plugin The name of the canonical user plug-in to use.
54 By default, the value of canon_user_plugin is
55 INTERNAL, to indicated the use of built-in
56 plug-ins..
57
58
59 log_level An integer value for the desired level of log‐
60 ging for a server, as defined in <sasl.h>.
61 This sets the log_level in the
62 sasl_server_params_t struct in
63 /usr/include/sasl/saslplug.h. The default
64 value for log_level is 1 to indicate
65 SASL_LOG_ERR.
66
67
68 mech_list Whitespace separated list of SASL mechanisms
69 to allow, for example, DIGEST-MD5 GSSAPI. The
70 mech_list option is used to restrict the mech‐
71 anisms to a subset of the installed plug-ins.
72 By default, SASL will use all available mecha‐
73 nisms.
74
75
76 pw_check Whitespace separated list of mechanisms used
77 to verify passwords that are used by
78 sasl_checkpass(3SASL). The default value for
79 pw_check is auxprop.
80
81
82 reauth_timeout This SASL option is used by the server DIGEST-
83 MD5 plug-in. The value of reauth_timeout is
84 the length in time (in minutes) that authenti‐
85 cation information will be cached for a fast
86 reauthorization. A value of 0 will disable
87 reauthorization. The default value of
88 reauth_timeout is 1440 (24 hours).
89
90
91 server_load_mech_list A space separated list of mechanisms to load.
92 If in the process of loading server plug-ns no
93 desired mechanisms are included in the plug-
94 in, the plug-in will be unloaded. By default,
95 SASL loads all server plug-ins.
96
97
98 user_authid If the value of user_authid is yes, then the
99 GSSAPI will acquire the client credentials
100 rather than use the default credentials when
101 it creates the GSS client security context.
102 The default value of user_authid is no,
103 whereby SASL uses the default client Kerberos
104 identity.
105
106
108 See attributes(5) for descriptions of the following attributes:
109
110
111
112
113 ┌─────────────────────────────┬─────────────────────────────┐
114 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
115 ├─────────────────────────────┼─────────────────────────────┤
116 │Interface Stability │Evolving │
117 └─────────────────────────────┴─────────────────────────────┘
118
120 attributes(5)
121
122
123
124SunOS 5.11 14 Oct 2003 sasl_appname.conf(4)