--- cyrus-sasl-1.5.27/saslauthd/Makefile.am.wiget Tue Apr 24 18:09:22 2001 +++ cyrus-sasl-1.5.27/saslauthd/Makefile.am Tue Apr 24 18:10:05 2001 @@ -2,7 +2,7 @@ man_MANS = saslauthd.8 saslauthd_SOURCES = saslauthd.c mechanisms.c globals.h mechanisms.h auth_dce.c auth_dce.h auth_getpwent.c auth_getpwent.h auth_krb4.c auth_krb4.h auth_pam.c auth_pam.h auth_rimap.c auth_rimap.h auth_shadow.c auth_shadow.h auth_sia.c auth_sia.h -saslauthd_LDADD = @SASL_KRB_LIB@ +saslauthd_LDADD = @SASL_KRB_LIB@ @LIB_PAM@ @LIB_CRYPT@ INCLUDES = -I$(top_srcdir)/include EXTRA_DIST = saslauthd.8 --- cyrus-sasl-1.5.27/saslauthd/saslauthd.8.in.mdk Wed Oct 17 14:35:31 2001 +++ cyrus-sasl-1.5.27/saslauthd/saslauthd.8.in Wed Oct 17 14:35:40 2001 @@ -1,29 +1,28 @@ .\" $Id: cyrus-sasl-saslauthd.patch,v 1.1 2002/02/19 00:36:20 woodchip Exp $ .\" Copyright 1997-2000 Messaging Direct Ltd. All rights reserved. -.Dt SASLAUTHD 8 -.Os "CMU-SASL" -.Sh NAME -.Nm saslauthd -.Nd message store authentication server -.Sh SYNOPSIS -.Nm +.TH SASLAUTHD 8 "CMU-SASL" +.B saslauthd saslauthd +.SH NAME +saslauthd \- message store authentication server +.SH SYNOPSIS +.B saslauthd .Fl a .Ar authmech .Op Fl \&Tv .Op Fl H Ar hostname .Op Fl m Ar mux_path -.Sh DESCRIPTION -.Nm +.SH DESCRIPTION +.B saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library. -.Pp +.PP The server fulfills two roles: it isolates all code requiring superuser privileges into a single process, and it can be used to provide .Em proxy authentication services to clients that do not understand SASL based authentication. -.Pp -.Nm +.PP +.B saslauthd should be started from the system boot scripts when going to multi-user mode. When running against a protected authentication @@ -31,7 +30,7 @@ .Li shadow mechanism), it must be run as the superuser. -.Ss Options +.Sx Options Options named by lower\-case letters configure the server itself. Upper\-case options control the behavior of specific authentication mechanisms; their applicability to a particular authentication @@ -61,14 +60,14 @@ mechanisms on standard error, then exit. .El .Ss Logging -.Nm +.B saslauthd logs it's activities via -.Nm syslogd +.B syslogd using the .Dv LOG_AUTH facility. -.Sh AUTHENTICATION MECHANISMS -.Nm +.SH AUTHENTICATION MECHANISMS +.B saslauthd supports one or more .Qq authentication mechanisms , dependent upon the facilities provided by the underlying operating system. @@ -78,17 +77,17 @@ .Bl -tag -width "kerberos4" .It Li sasldb .Em (All platforms) -.Pp +.PP Authenticate against the SASL authentication database. .It Li dce .Em (AIX) -.Pp +.PP Authenticate using the DCE authentication environment. .It Li getpwent .Em (All platforms) -.Pp +.PP Authenticate using the .Fn getpwent library function. Typically this authenticates against the @@ -97,13 +96,13 @@ man page for details. .It Li kerberos4 .Em (All platforms) -.Pp +.PP Authenticate against the local Kerberos 4 realm. (See the .Sx NOTES section for caveats about this driver.) .It Li rimap .Em (All platforms) -.Pp +.PP Forward authentication requests to a remote IMAP server. This driver connects to a remote IMAP server, specified using the -H flag, and attempts to login (via an IMAP @@ -116,7 +115,7 @@ .Ql LOGIN command is received from the remote server. -.Pp +.PP The .Ar hostname parameter to the @@ -134,7 +133,7 @@ to the .Ar hostname argument. -.Pp +.PP The .Fl H flag and argument are mandatory when using the @@ -142,11 +141,11 @@ mechanism. .It Li shadow .Em (AIX, Irix, Linux, Solaris) -.Pp +.PP Authenticate against the local .Qq shadow password file . The exact mechanism is system dependent. -.Nm +.B saslauthd currently understands the .Fn getspnam and @@ -157,14 +156,14 @@ flag. .It Li sia .Em (Digital UNIX) -.Pp +.PP Authenticate using the Digital -.Ux +.UX Security Integration Architecture (a.k.a. .Qq enhanced security ) . .El -.Sh NOTES +.SH NOTES The .Li kerberos4 authentication driver consumes considerable resources. To perform an @@ -175,20 +174,21 @@ local ticket file, on the reasonable assumption that you will want to save the TGT for use by other Kerberos applications. These ticket files are unusable by +.B saslauthd .Nm No , however there is no way not to create them. The overhead of creating and removing these ticket files can cause serious performance degradation on busy servers. (Kerberos was never intended to be used in this manner, anyway.) -.Sh FILES +.SH FILES .Bl -tag -compact .It Pa @MAN_PATH_SASLAUTHD_RUNDIR@/mux The default communications socket. -.Sh SEE ALSO -.Xr passwd 1 , -.Xr getpwent 3 , -.Xr getspnam 3 , -.Xr getuserpw 3 , -.Xr sia_authenticate_user 3 , -.Xr saslpasswd 8 +.SH SEE ALSO +.BR passwd (1) , +.BR getpwent (3) , +.BR getspnam (3) , +.BR getuserpw (3) , +.BR sia_authenticate_user (3) , +.BR saslpasswd (8)