OpenPKG Specs / file revision

sasl/saslauthd.conf@0ba300bdf30a

sasl/saslauthd.conf

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

     1 ##

     2 ##  saslauthd.conf -- SASL Authentication Daemon Configuration

     3 ##

     4 

     5 #   white space separated list of LDAP servers

     6 ldap_servers: ldap://127.0.0.1

     7 

     8 #   authentication for restricted LDAP servers

     9 #ldap_bind_dn: cn=operator,ou=Profile,o=example.com

    10 #ldap_bind_pw: secret

    11 

    12 #   LDAP version to use (2|3)

    13 #ldap_version 3

    14 

    15 #   LDAP timeout

    16 #ldap_timeout 5

    17 

    18 #   LDAP aliases (search|find|always|never)

    19 ldap_deref: never

    20 

    21 #   follow LDAP referrals ?

    22 ldap_referrals: no

    23 

    24 #   restart LDAP I/O operations that fail ?

    25 ldap_restart: yes

    26 

    27 #   search scope (sub|one|base)

    28 #ldap_scope: sub

    29 

    30 #   starting point for a search

    31 ldap_search_base: MUST-SPECIFY

    32 

    33 #   authenticate against LDAP (bind|custom|fastbind)

    34 ldap_auth_method: bind

    35 

    36 #   Filter LDAP records, %u = username, %r = realm

    37 #   if ldap_auth_method is 'bind' the filter searches for the DN

    38 #   otherwise the filter searches for the userPassword attribute

    39 #ldap_filter: uid=%u

    40 

    41 #   debugging LDAP operation

    42 #ldap_debug 0

    43 

    44 #   require and verify server certificate

    45 #ldap_tls_check_peer:  no

    46 #ldap_tls_cacert_file:

    47 #ldap_tls_cacert_dir:

    48 

    49 #   list of SSL/TLS ciphers to allow

    50 #ldap_tls_ciphers: DEFAULT

    51 

    52 #   files containing client certificate and key

    53 #ldap_tls_cert:

    54 #ldap_tls_key:

    55

Mercurial Repository: OpenPKG Specs

Europalab SCM Repository Server

mercurial