Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

sasl-sample-server(8) [debian man page]

SASL-SAMPLE-SERVER(8)					      System Manager's Manual					     SASL-SAMPLE-SERVER(8)

NAME

       sasl-sample-server -- Sample server program for demonstrating and testing SASL authentication.

SYNOPSIS

       sasl-sample-server  [-b	min=N,max=N]  [-e ssf=N,id=ID]	[-m MECH]  [-f FLAGS]  [-i local=IP,remote=IP]	[-p PATH]  [-d DOM]  [-u DOM]  [-s
       NAME]  [-l]

DESCRIPTION

       This manual page documents briefly the sasl-sample-server command.

       This manual page was written for the Debian distribution because the original program does not have a manual page.

       sasl-sample-server is a program to demonstrate and test SASL authentication. It implements the server part, and the client part	is  avail-
       able as sasl-sample-client.

OPTIONS

       A summary of options is included below.

       -b	 Number of bits to use for encryption.

		 min=N	   minimum number of bits to use (1 => integrity)

		 max=N	   maximum number of bits to use

       -e	 Assume external encryption.

		 ssf=N	   external mech provides N bits of encryption

		 id=ID	   external mech provides authentication id ID

       -m	 Force use of MECH for security.

       -f	 Set security flags.

		 noplain   require security vs. passive attacks

		 noactive  require security vs. active attacks

		 nodict    require security vs. passive dictionary attacks

		 forwardsec
			   require forward secrecy

		 maximum   require all security flags

		 passcred  attempt to pass client credentials

       -i	 Set IP addresses (required by some mechs).

		 local=IP;PORT
			   set local address to IP, port PORT

		 remote=IP;PORT
			   set remote address to IP, port PORT

       -p	 Colon-separated search path for mechanisms.

       -s	 Service name passed to mechanisms.

       -d	 Local server domain.

       -u	 User domain.

       -l	 Enable server-send-last.

SEE ALSO

       For additional information, please see /usr/share/doc/sasl2-bin/testing.txt

AUTHOR

       This  manual page was written by Fabian Fagerholm fabbe@debian.org for the Debian system (but may be used by others). Permission is granted
       to redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;  either
       version 2 of the License, or (at your option) any later version.

															     SASL-SAMPLE-SERVER(8)

Check Out this Related Man Page

sasl_client_new(21 June 2001)											     sasl_client_new(21 June 2001)

NAME

       sasl_client_new - Create a new client authentication object

SYNOPSIS

       #include <sasl/sasl.h>

       int sasl_client_new(const char *service,
		       const char *serverFQDN,
		       const char *iplocalport,
		       const char *ipremoteport,
		       const sasl_callback_t *prompt_supp,
		       unsigned secflags,
		       sasl_conn_t ** pconn);

DESCRIPTION

       sasl_client_new()  creates a new SASL context. This context will be used for all SASL calls for one connection. It handles both authentica-
       tion and integrity/encyption layers after authentication.

       service is the registered name of the service (usually the protocol name) using SASL (e.g. "imap").

       serverFQDN is the fully qualified domain name of the server (e.g. "serverhost.cmu.edu").

       iplocalport is the IP and port of the local side of the connection, or NULL.  If iplocalport  is  NULL  it  will  disable  mechanisms  that
       require	IP  address  information.   This  strings  must  be in one of the following formats: "a.b.c.d;port" (IPv4), "e:f:g:h:i:j:k:l;port"
       (IPv6), or "e:f:g:h:i:j:a.b.c.d;port" (IPv6)

       ipremoteport is the IP and port of the remote side of the connection, or NULL (see iplocalport)

       prompt_supp is a list of client interactions supported that is unique to this connection. If this parameter is NULL  the  global  callbacks
       (specified in sasl_client_init) will be used. See sasl_callback for more information.

       secflags are security flags (see below)

       pconn is the conection context allocated by the library. This structure will be used for all future SASL calls for this connection.

       Security Flags

       Security flags that may be passed to sasl_server_new() include

       SASL_SEC_NOPLAINTEXT
	       Don't permit mechanisms susceptible to simple passive attack (e.g., PLAIN, LOGIN)

       SASL_SEC_NOACTIVE
	       Protection from active (non-dictionary) attacks during authentication exchange. Authenticates server.

       SASL_SEC_NODICTIONARY
	       Don't permit mechanisms susceptible to passive dictionary attack

       SASL_SEC_FORWARD_SECURITY
	       Require forward secrecy between sessions. (breaking one won't help break next)

       SASL_SEC_NOANONYMOUS
	       Don't permit mechanisms that allow anonymous login

       SASL_SEC_PASS_CREDENTIALS
	       Require mechanisms which pass client credentials, and allow mechanisms which can pass credentials to do so.

       SASL_SEC_MAXIMUM
	       All of the above.

RETURN VALUE

       sasl_client_new	returns  an  integer  which corresponds to one of the following codes. SASL_OK is the only one that indicates success. All
       others indicate errors and should either be handled or the authentication session should be quit.

ERRORS

       SASL_OK Success

       SASL_BADPARAM
	       Error in config file or passed parameters

       SASL_NOMECH
	       No mechanism meets requested properties

       SASL_NOMEM
	       Not enough memory to complete operation

CONFORMING TO

       RFC 2222

SEE ALSO

       sasl(3), sasl_client_init(3), sasl_client_start(3), sasl_client_step(3), sasl_setprop(3)

SASL man pages							       SASL					     sasl_client_new(21 June 2001)
Man Page