SASL_APPNAME.CONF(4)SASL_APPNAME.CONF(4)NAMEsasl_appname.conf - SASL options and configuration file
SYNOPSIS
/etc/sasl/appname.conf
DESCRIPTION
The /etc/sasl/appname.conf file is a user-supplied configuration file
that supports user set options for server applications.
You can modify the behavior of libsasl and its plug-ins for server
applications by specifying option values in /etc/sasl/appname.conf
file, where appname is the application defined name of the application.
For sendmail, the file would be /etc/sasl/Sendmail.conf. See your
application documentation for information on the application name.
Options that you set in a appname.conf file do not override SASL
options specified by the application itself.
The format for each option setting is:
option_name:value.
You can comment lines in the file by using a leading #.
The SASL library supports the following options for server applica‐
tions:
auto_transition
When set to yes, plain users and login plug-
ins are automatically transitioned to other
mechanisms when they do a successful plaintext
authentication. The default value for
auto_transition is no.
auxprop_plugin
A space-separated list of names of auxiliary
property plug-ins to use. By default, SASL
will use or query all available auxiliary
property plug-ins.
canon_user_plugin
The name of the canonical user plug-in to use.
By default, the value of canon_user_plugin is
INTERNAL, to indicated the use of built-in
plug-ins..
log_level
An integer value for the desired level of log‐
ging for a server, as defined in <sasl.h>.
This sets the log_level in the
sasl_server_params_t struct in
/usr/include/sasl/saslplug.h. The default
value for log_level is 1 to indicate
SASL_LOG_ERR.
mech_list
Whitespace separated list of SASL mechanisms
to allow, for example, DIGEST-MD5 GSSAPI. The
mech_list option is used to restrict the mech‐
anisms to a subset of the installed plug-ins.
By default, SASL will use all available mecha‐
nisms.
pw_check
Whitespace separated list of mechanisms used
to verify passwords that are used by
sasl_checkpass(3SASL). The default value for
pw_check is auxprop.
reauth_timeout
This SASL option is used by the server DIGEST-
MD5 plug-in. The value of reauth_timeout is
the length in time (in minutes) that authenti‐
cation information will be cached for a fast
reauthorization. A value of 0 will disable
reauthorization. The default value of
reauth_timeout is 1440 (24 hours).
server_load_mech_list
A space separated list of mechanisms to load.
If in the process of loading server plug-ns no
desired mechanisms are included in the plug-
in, the plug-in will be unloaded. By default,
SASL loads all server plug-ins.
user_authid
If the value of user_authid is yes, then the
GSSAPI will acquire the client credentials
rather than use the default credentials when
it creates the GSS client security context.
The default value of user_authid is no,
whereby SASL uses the default client Kerberos
identity.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌────────────────────┬─────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├────────────────────┼─────────────────┤
│Interface Stability │ Evolving │
└────────────────────┴─────────────────┘
SEE ALSOattributes(5)
Oct 14, 2003 SASL_APPNAME.CONF(4)