Copyright (C) 1998-2003, Carnegie Mellon Univeristy. All Rights Reserved.
Portions Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
/etc/sasl/appname.conf
You can modify the behavior of libsasl and its plug-ins for server applications by specifying option values in /etc/sasl/appname.conf file, where appname is the application defined name of the application. For sendmail, the file would be /etc/sasl/Sendmail.conf. See your application documentation for information on the application name.
Options that you set in a appname.conf file do not override SASL options specified by the application itself.
The format for each option setting is:
option_name:value.
You can comment lines in the file by using a leading #.
The SASL library supports the following options for server applications: auto_transition
When set to yes, plain users and login plug-ins are automatically transitioned to other mechanisms when they do a successful plaintext authentication. The default value for auto_transition is no.
A space-separated list of names of auxiliary property plug-ins to use. By default, SASL will use or query all available auxiliary property plug-ins.
The name of the canonical user plug-in to use. By default, the value of canon_user_plugin is INTERNAL, to indicate the use of built-in plug-ins.
An integer value for the desired level of logging for a server, as defined in <sasl.h>. This sets the log_level in the sasl_server_params_t struct in /usr/include/sasl/saslplug.h. The default value for log_level is 1 to indicate SASL_LOG_ERR.
Whitespace separated list of SASL mechanisms to allow, for example, DIGEST-MD5 GSSAPI. The mech_list option is used to restrict the mechanisms to a subset of the installed plug-ins. By default, SASL will use all available mechanisms.
Whitespace separated list of mechanisms used to verify passwords that are used by sasl_checkpass(3SASL). The default value for pw_check is auxprop.
This SASL option is used by the server DIGEST-MD5 plug-in. The value of reauth_timeout is the length in time (in minutes) that authentication information will be cached for a fast reauthorization. A value of 0 will disable reauthorization. The default value of reauth_timeout is 1440 (24 hours).
A space separated list of mechanisms to load. If in the process of loading server plug-ns no desired mechanisms are included in the plug-in, the plug-in will be unloaded. By default, SASL loads all server plug-ins.
If the value of user_authid is yes, then the GSSAPI will acquire the client credentials rather than use the default credentials when it creates the GSS client security context. The default value of user_authid is no, whereby SASL uses the default client Kerberos identity.
ATTRIBUTE TYPE ATTRIBUTE VALUE |
Interface Stability Evolving |