SASL Configuration
Cyrus SASL configuration, like PAM, is handled on a per-service basis. Every application that uses SASL for authentication has its own configuration file. By default, these files are located in /usr/lib/sasl2 (or the directory where the plugins are installed) and are named Service.conf, where Service is the name of the application or service. For example, the configuration file for Sendmail’s SASL settings is /usr/lib/sasl2/Sendmail.conf, and the sample SASL application’s configuration file is located at /usr/lib/sasl2/sample.conf. The service name is defined by the application itself, so the exact name a particular application uses can be found in its source code or documentation. Other applications mix SASL configuration directives into the application’s own configuration file. In short, the location of the SASL configuration directives for a given application is highly application-dependent, so check the software documentation.
The SASL libraries recognize the following configuration directives. Additional authentication method-specific directives are supported, and documented on the SASL home page. Table 7-2 lists the options that are pertinent to a SASL library configured with GSSAPI support.
Option | Description | Default |
keytab | Location of the Kerberos 5 keytab file for the service’s principal. | /etc/krb5.keytab |
mech_list | List of the authentication mechanisms ... |
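The script below is an added example, not code from the book or from the Cyrus SASL project: it walks a directory of Service.conf files, reports each service's mech_list and keytab settings, and flags a keytab that is missing or accessible to group or other. It assumes the "option: value" line syntax with # comments; the function names, the sample file contents and the 0600-style permission policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit per-service Cyrus SASL configs.
# Assumes "option: value" lines; function names here are hypothetical.

# sasl_opt FILE OPTION DEFAULT: print the option's last value, else DEFAULT.
sasl_opt() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
          sed 's/[[:space:]]*$//' | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# keytab_private FILE: succeed only if group and other have no access bits.
keytab_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_sasl_dir DIR: one report line per Service.conf; returns 1 on any finding.
audit_sasl_dir() {
    rc=0
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        svc=$(basename "$conf" .conf)
        mechs=$(sasl_opt "$conf" mech_list "(unset)")
        kt=$(sasl_opt "$conf" keytab /etc/krb5.keytab)   # default per Table 7-2
        if [ ! -e "$kt" ]; then status=MISSING
        elif keytab_private "$kt"; then status=OK
        else status=EXPOSED; fi
        [ "$status" = OK ] || rc=1
        printf '%s mech_list=[%s] keytab=%s %s\n' "$svc" "$mechs" "$kt" "$status"
    done
    return "$rc"
}

# make_sample DIR: constructed sample input (two service configs, two keytabs).
make_sample() {
    : > "$1/good.keytab"; chmod 600 "$1/good.keytab"
    : > "$1/open.keytab"; chmod 644 "$1/open.keytab"
    printf '# constructed\nmech_list: gssapi\nkeytab: %s\n' "$1/good.keytab" > "$1/sample.conf"
    printf 'mech_list: gssapi plain\nkeytab: %s \n' "$1/open.keytab" > "$1/Sendmail.conf"
}

# Usage: sh audit.sh /usr/lib/sasl2
if [ "$#" -gt 0 ]; then audit_sasl_dir "$1"; fi
```

Because the location of SASL directives is application-dependent, point the script at whichever directory the application's documentation names; settings mixed into an application's own configuration file are outside what it reads.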