Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

sasl-sample-client(8) [debian man page]

SASL-SAMPLE-CLIENT(8)					      System Manager's Manual					     SASL-SAMPLE-CLIENT(8)

NAME

       sasl-sample-client -- Sample client program for demonstrating and testing SASL authentication.

SYNOPSIS

       sasl-sample-client [-b min=N,max=N]  [-e ssf=N,id=ID]  [-m MECH]  [-f FLAGS]  [-i local=IP,remote=IP]  [-p PATH]  [-s NAME]  [-n FQDN]  [-u
       ID]  [-a ID]

DESCRIPTION

       This manual page documents briefly the sasl-sample-client command.

       This manual page was written for the Debian distribution because the original program does not have a manual page.

       sasl-sample-client is a program to demonstrate and test SASL authentication. It implements the client part, and the server part	is  avail-
       able as sasl-sample-server.

OPTIONS

       A summary of options is included below.

       -b	 Number of bits to use for encryption.

		 min=N	   minimum number of bits to use (1 => integrity)

		 max=N	   maximum number of bits to use

       -e	 Assume external encryption.

		 ssf=N	   external mech provides N bits of encryption

		 id=ID	   external mech provides authentication id ID

       -m	 Force use of MECH for security.

       -f	 Set security flags.

		 noplain   require security vs. passive attacks

		 noactive  require security vs. active attacks

		 nodict    require security vs. passive dictionary attacks

		 forwardsec
			   require forward secrecy

		 maximum   require all security flags

		 passcred  attempt to pass client credentials

       -i	 Set IP addresses (required by some mechs).

		 local=IP;PORT
			   set local address to IP, port PORT

		 remote=IP;PORT
			   set remote address to IP, port PORT

       -p	 Colon-separated search path for mechanisms.

       -r	 Realm to use.

       -s	 Service name passed to mechanisms.

       -n	 Server fully-qualified domain name.

       -u	 User (authorization) id to request.

       -a	 Id to authenticate as.

       -d	 Disable client-send-first.

       -l	 Enable server-send-last.

SEE ALSO

       For additional information, please see /usr/share/doc/sasl2-bin/testing.txt

AUTHOR

       This  manual page was written by Fabian Fagerholm fabbe@debian.org for the Debian system (but may be used by others). Permission is granted
       to redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;  either
       version 2 of the License, or (at your option) any later version.

															     SASL-SAMPLE-CLIENT(8)

Check Out this Related Man Page

sasl_server_new(16 May 2001)											      sasl_server_new(16 May 2001)

NAME

       sasl_server_new - Create a new server authentication object

SYNOPSIS

       #include <sasl/sasl.h>

       int sasl_server_new(const char *service,
		       const char *serverFQDN,
		       const char *user_realm,
		       const char *iplocalport,
		       const char *ipremoteport,
		       const sasl_callback_t *callbacks,
		       unsigned secflags,
		       sasl_conn_t ** pconn);

DESCRIPTION

       sasl_server_new()  creates a new SASL context. This context will be used for all SASL calls for one connection. It handles both authentica-
       tion and integrity/encyption layers after authentication.

       service is the registered name of the service (usually the protocol name) using SASL (e.g. "imap").

       serverFQDN is the fully qualified server domain name.  NULL means use gethostname().  This is useful for multi-homed servers.

       user_realm is the domain of the user agent. This is usually not necessary (NULL is default)

       iplocalport is the IP and port of the local side of the connection, or NULL.  If iplocalport  is  NULL  it  will  disable  mechanisms  that
       require	IP  address  information.   This  strings  must  be in one of the following formats: "a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port"
       (IPv6), or "e:f:g:h:i:j:a.b.c.d;port" (IPv6)

       ipremoteport is the IP and port of the remote side of the connection, or NULL (see iplocalport)

       secflags are security flags (see below)

       pconn is a pointer to the conection context allocated by the library. This structure will be used for all future SASL calls for	this  con-
       nection.

       Security Flags

       Security flags that may be passed to sasl_server_new() include

       NOPLAINTEXT
	       Don't permit mechanisms susceptible to simple passive attack (e.g., PLAIN, LOGIN)

       NOACTIVE
	       Protection from active (non-dictionary) attacks during authentication exchange.	Authenticates server.

       NODICTIONARY
	       Don't permit mechanisms susceptible to passive dictionary attack

       FORWARD_SECURITY
	       Require forward secrecy between sessions. (breaking one won't help break next)

       PASS_CREDENTIALS
	       Require mechanisms which pass client credentials, and allow mechanisms which can pass credentials to do so.

RETURN VALUE

       sasl_server_new()  returns an integer which corresponds to one of the SASL error codes. SASL_OK is the only one that indicates success. All
       others indicate errors and should either be handled or the authentication session should be quit.

CONFORMING TO

       RFC 2222

SEE ALSO

       sasl(3), sasl_errors(3), sasl_server_init(3), sasl_server_start(3), sasl_server_step(3), sasl_setprop(3)

SASL man pages							       SASL					      sasl_server_new(16 May 2001)
Man Page