This page shows the differences between two versions.
lpi2:sasl [2015/09/25 13:36] |
lpi2:sasl [2015/09/25 13:36] (current) |
||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | ===== Benötigte Pakete ===== | ||
+ | Debian ( ab 3.1 ): | ||
+ | sasl2-bin | ||
+ | |||
+ | CentOS ( 7 ) | ||
+ | cyrus-sasl cyrus-sasl-plain | ||
+ | |||
+ | SuSE ( 11.1 ) | ||
+ | cyrus-sasl-saslauthd | ||
+ | |||
+ | ===== saslauthd ===== | ||
+ | ==== saslauthd - /etc/shadow ==== | ||
+ | ''/etc/sysconfig/saslauthd'' : ( SuSE 11.1 ) | ||
+ | <file>SASLAUTHD_AUTHMECH=shadow</file> | ||
+ | |||
+ | ''/etc/sysconfig/saslauthd'' : ( CentOS ) | ||
+ | <file>MECH=shadow</file> | ||
+ | |||
+ | ''/etc/default/saslauthd'' : ( Debian ) | ||
+ | <file> | ||
+ | START=yes | ||
+ | MECHANISMS="shadow" | ||
+ | </file> | ||
+ | |||
+ | ==== saslauthd - PAM ==== | ||
+ | ''/etc/default/saslauthd'' : (Debian) | ||
+ | <file> | ||
+ | START=yes | ||
+ | MECHANISMS="pam" | ||
+ | </file> | ||
+ | |||
+ | ''/etc/sysconfig/saslauthd'' : (SuSE 11.1) | ||
+ | <file>SASLAUTHD_AUTHMECH=pam</file> | ||
+ | |||
+ | ''/etc/sysconfig/saslauthd'' : (CentOS) | ||
+ | <file>MECH=pam</file> | ||
+ | |||
+ | ==== Dienst starten ==== | ||
+ | /etc/init.d/saslauthd restart | ||
+ | |||
+ | SuSE (11.1) & CentOS ( 4 ): | ||
+ | chkconfig saslauthd on | ||
+ | |||
+ | ==== Testen ==== | ||
+ | === saslauthd === | ||
+ | testsaslauthd -s login -u username -p password | ||
+ | |||
+ | ===== auxprop ===== | ||
+ | ==== auxprop - sasldb ==== | ||
+ | //sasldb sollte man nur testweise nutzen, das die Passwörter unverschlüsselt abgelegt werden// | ||
+ | saslpasswd2 testnutzer | ||
+ | |||
+ | ==== testen ==== | ||
+ | sasldblistusers2 | ||
+ | oder | ||
+ | db4.8_dump -p /etc/sasldb2 | ||
+ | |||
+ | === Server === | ||
+ | ''/etc/sasl/sample.conf'' : | ||
+ | <file> | ||
+ | pwcheck_method: saslauthd | ||
+ | mech_list: plain login | ||
+ | </file> | ||
+ | |||
+ | sasl-sample-server -s test | ||
+ | C: ... | ||
+ | |||
+ | Die Fragen und Antworten von Client und Server per copy&paste rüberkopieren. | ||
+ | Wer sehen möchte was da kopiert wird, kann aus dem base64 encodeten String den Klartext erzeugen: | ||
+ | echo 'UExBSU4AaXcAaXcAdmlsbGE='|mimencode -u | ||
+ | |||
+ | === Client === | ||
+ | sasl-sample-client -m plain -s test -a nutzer | ||
+ | S: ... | ||
+ | |||
+ | |||
+ | ====== Dokumentation ====== | ||
+ | * Weitere Konfigurationsoptionen sind in den Dateien unter ''/usr/share/doc/sasl2-bin'' ( Debian, Paket cyrus-sasl2-doc ) beschrieben | ||
+ | |||
+ | * http://www.state-of-mind.de/vortraege | ||
+ | * Patrick Koetter zu [[http://www.state-of-mind.de/vortraege/cyrus_sasl_vortrag_mailserver-konferenz.pdf | SASL und LDAP ]], deutsch | ||
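
Review bot: in the "Server" block under "auxprop - sasldb", ''/etc/sasl/sample.conf'' sets `pwcheck_method: saslauthd`, so sasl-sample-server verifies PLAIN/LOGIN through the saslauthd daemon and never consults the sasldb entry created with `saslpasswd2 testnutzer`. If this test is meant to exercise auxprop, the file should read `pwcheck_method: auxprop` (optionally with `auxprop_plugin: sasldb`); if it is meant to test saslauthd, the Server/Client blocks belong under the saslauthd heading instead. Two smaller points: the `testsaslauthd ... -p password` line puts the password on the command line, where it ends up in shell history and the process list, so the text should say to use a throwaway test account; and in the sasldb warning "das die Passwörter" should be "da die Passwörter".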