xref: /illumos-gate/usr/src/man/man5/sasl_appname.conf.5 (revision 08855964b9970604433f7b19dcd71cf5af5e5f14)
Copyright (C) 1998-2003, Carnegie Mellon University. All Rights Reserved.
Portions Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
SASL_APPNAME.CONF 5 "May 21, 2022"
NAME
sasl_appname.conf - SASL options and configuration file
SYNOPSIS
/etc/sasl/appname.conf
DESCRIPTION
The /etc/sasl/appname.conf file is a user-supplied configuration file that supports user-set options for server applications.

You can modify the behavior of libsasl and its plug-ins for server applications by specifying option values in the /etc/sasl/appname.conf file, where appname is the application-defined name of the application. For sendmail, the file would be /etc/sasl/Sendmail.conf. See your application documentation for information on the application name.

Options that you set in an appname.conf file do not override SASL options specified by the application itself.

The format for each option setting is:

option_name:value.

You can comment lines in the file by using a leading #.

The SASL library supports the following options for server applications:

auto_transition

When set to yes, plain users and login plug-ins are automatically transitioned to other mechanisms when they do a successful plaintext authentication. The default value for auto_transition is no.

auxprop_plugin

A space-separated list of names of auxiliary property plug-ins to use. By default, SASL will use or query all available auxiliary property plug-ins.

canon_user_plugin

The name of the canonical user plug-in to use. By default, the value of canon_user_plugin is INTERNAL, to indicate the use of built-in plug-ins.

log_level

An integer value for the desired level of logging for a server, as defined in <sasl.h>. This sets the log_level in the sasl_server_params_t struct in /usr/include/sasl/saslplug.h. The default value for log_level is 1 to indicate SASL_LOG_ERR.

mech_list

Whitespace-separated list of SASL mechanisms to allow, for example, DIGEST-MD5 GSSAPI. The mech_list option is used to restrict the mechanisms to a subset of the installed plug-ins. By default, SASL will use all available mechanisms.

pw_check

Whitespace-separated list of mechanisms used to verify passwords that are used by sasl_checkpass(3SASL). The default value for pw_check is auxprop.

reauth_timeout

This SASL option is used by the server DIGEST-MD5 plug-in. The value of reauth_timeout is the length of time, in minutes, that authentication information will be cached for a fast reauthorization. A value of 0 will disable reauthorization. The default value of reauth_timeout is 1440 (24 hours).

server_load_mech_list

A space-separated list of mechanisms to load. If, while server plug-ins are being loaded, a plug-in includes none of the desired mechanisms, that plug-in is unloaded. By default, SASL loads all server plug-ins.

user_authid

If the value of user_authid is yes, then the GSSAPI will acquire the client credentials rather than use the default credentials when it creates the GSS client security context. The default value of user_authid is no, whereby SASL uses the default client Kerberos identity.
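
The following lint check for the file format and options described above is an added example, not part of the original manual page or of libsasl. The function names, the sample input, and the tolerance for whitespace around the colon are assumptions made for illustration.

```python
BOOL = {"auto_transition", "user_authid"}  # option names as documented on the page
INT = {"log_level", "reauth_timeout"}
TEXT = {"auxprop_plugin", "canon_user_plugin", "mech_list", "pw_check",
        "server_load_mech_list"}

def parse_conf(text):
    """Return (options, findings); findings are (line_number, message)."""
    options, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # assumption: surrounding whitespace is ignored
        if not line or line.startswith("#"):  # blank line or comment
            continue
        name, sep, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if not sep or not name:
            findings.append((lineno, "not in option_name:value form"))
            continue
        if name not in BOOL | INT | TEXT:
            findings.append((lineno, f"{name}: not documented on this page"))
        elif name in BOOL and value not in ("yes", "no"):
            findings.append((lineno, f"{name}: expected yes or no"))
        elif name in INT and not value.isdigit():
            findings.append((lineno, f"{name}: expected an integer"))
        elif not value:
            findings.append((lineno, f"{name}: empty value"))
        options[name] = value
    return options, findings

def defaults_in_force(options):
    """Documented defaults that apply because an option is absent."""
    notes = []
    if "mech_list" not in options:
        notes.append("mech_list unset: all available mechanisms are used")
    if "reauth_timeout" not in options:
        notes.append("reauth_timeout unset: DIGEST-MD5 reauth cache is 1440 min")
    return notes

SAMPLE = """\
# constructed sample for this example, not a real deployment
mech_list: GSSAPI DIGEST-MD5
log_level:three
auto_transition:maybe
reauth_timeout:0
bogus line
"""

if __name__ == "__main__":
    opts, problems = parse_conf(SAMPLE)
    print(problems, defaults_in_force(opts))
```

Because options set in the file do not override options specified by the application itself, a clean result here describes the file only, not the values the running server ends up using.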

ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE         ATTRIBUTE VALUE
Interface Stability    Evolving
SEE ALSO
attributes(7)