Dico |
|
GNU Dictionary Server |
Sergey Poznyakoff |
4.3.4 SASL Authentication
The SASL authentication is available if the server was compiled with GNU SASL.
- Configuration: sasl { statements }
This block statement configures SASL authentication. The following is a short summary of its syntax and the available substatements:
sasl { # Disable SASL mechanisms listed in mech. disable-mechanism mech; # Enable SASL mechanisms listed in mech. enable-mechanism mech; # Set service name for GSSAPI and Kerberos. service name; # Set realm name for GSSAPI and Kerberos. realm name; # Define groups for anonymous users. anon-group group-list; }
The list of available authentication mechanisms is configured using two statements:
- sasl: disable-mechanism mech
Disables SASL mechanisms listed in mech, which is a list of names.
- sasl: enable-mechanism mech
Enables SASL mechanisms listed in mech, which is a list of names.
The server builds a list of available mechanisms using the following
algorithm. First, a list of implemented mechanisms is retrieved from
the SASL library. If the enable-mechanism
statement is
defined, the resulting list is filtered so that only mechanisms listed
in enable-mechanism
remain. Further, if the
disable-mechanism
statement is defined, the names listed there
are removed from the list.
- sasl: service name
Sets the service name for GSSAPI and Kerberos mechanisms.
- sasl: realm name
Sets the realm name.
- sasl: anon-group list
Sets the list of user groups considered anonymous.
The database of user credentials depends on the authentication
mechanism used. For GSSAPI or Kerberos it is managed by appropriate
servers. Other mechanisms use the standard dicod
user database
configuration (see Authentication).
This document was generated on September 4, 2020 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.