sasl_appname.conf(4) File Formats sasl_appname.conf(4)NAMEsasl_appname.conf - SASL options and configuration file
SYNOPSIS
/etc/sasl/appname.conf
DESCRIPTION
The /etc/sasl/appname.conf file is a user-supplied configuration file
that supports user set options for server applications.
You can modify the behavior of libsasl and its plug-ins for server
applications by specifying option values in /etc/sasl/appname.conf
file, where appname is the application defined name of the application.
For sendmail, the file would be /etc/sasl/Sendmail.conf. See your
application documentation for information on the application name.
Options that you set in a appname.conf file do not override SASL
options specified by the application itself.
The format for each option setting is:
option_name:value.
You can comment lines in the file by using a leading #.
The SASL library supports the following options for server applica‐
tions:
auto_transition When set to yes, plain users and login
plug-ins are automatically transitioned
to other mechanisms when they do a suc‐
cessful plaintext authentication. The
default value for auto_transition is
no.
auxprop_plugin A space-separated list of names of aux‐
iliary property plug-ins to use. By
default, SASL will use or query all
available auxiliary property plug-ins.
canon_user_plugin The name of the canonical user plug-in
to use. By default, the value of
canon_user_plugin is INTERNAL, to indi‐
cated the use of built-in plug-ins..
log_level An integer value for the desired level
of logging for a server, as defined in
<sasl.h>. This sets the log_level in
the sasl_server_params_t struct in
/usr/include/sasl/saslplug.h. The
default value for log_level is 1 to
indicate SASL_LOG_ERR.
mech_list Whitespace separated list of SASL mech‐
anisms to allow, for example, DIGEST-
MD5 GSSAPI. The mech_list option is
used to restrict the mechanisms to a
subset of the installed plug-ins. By
default, SASL will use all available
mechanisms.
pw_check Whitespace separated list of mechanisms
used to verify passwords that are used
by sasl_checkpass(3SASL). The default
value for pw_check is auxprop.
reauth_timeout This SASL option is used by the server
DIGEST-MD5 plug-in. The value of
reauth_timeout is the length in time
(in minutes) that authentication infor‐
mation will be cached for a fast reau‐
thorization. A value of 0 will disable
reauthorization. The default value of
reauth_timeout is 1440 (24 hours).
server_load_mech_list A space separated list of mechanisms
to load. If in the process of loading
server plug-ns no desired mechanisms
are included in the plug-in, the plug-
in will be unloaded. By default, SASL
loads all server plug-ins.
user_authid If the value of user_authid is yes,
then the GSSAPI will acquire the client
credentials rather than use the default
credentials when it creates the GSS
client security context. The default
value of user_authid is no, whereby
SASL uses the default client Kerberos
identity.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOattributes(5)SunOS 5.10 14 Oct 2003 sasl_appname.conf(4)