# If you want to uninstall Cyrus SASL or just clean up files from an old
# version before installing this one, skip down to the bottom for
# instructions
# Prerequisites:
# Berkeley DB (bdb) (optional; bdb, gdbm or ndbm is required for SASLDB)
# GDBM (optional)
# PAM (optional)
# OpenSSL (optional)
# OpenLDAP >= 2.1.27 or >= 2.2.6 (optional)
# Kerberos (optional)
# OPIE (optional)
# MySQL (--enable-sql requires libmysqlclient; optional)
# PostgreSQL (optional)
# SQLite (optional)
# If you do build it to only use PLAIN and LOGIN, make sure you use TLS/SSL
# with your apps that use SASL.
# If you have trouble with the download URL below, look through the releases
# on GitHub for the latest 2.1.x:
# https://www.cyrusimap.org/releases/
# OpenSSL >= 1.1.0 is supported as of Cyrus SASL 2.1.27
# For documentation (re-)generation, become root and install Python Sphinx
# and Perl Pod::POM::View::Restructured
su
pip install -U Sphinx
perl -MCPAN -e shell
install Bundle::CPAN
install Pod::POM::View::Restructured
quit
exit
# Get it
cd
test -f installed/cyrus-sasl-2.1.28.tar.gz &&
mv installed/cyrus-sasl-2.1.28.tar.gz .
test ! -f cyrus-sasl-2.1.28.tar.gz &&
wget https://github.com/cyrusimap/cyrus-sasl/releases/download/\
cyrus-sasl-2.1.28/cyrus-sasl-2.1.28.tar.gz
# Verify the tarball w/ sha256sum:
# (this came from my gpg-verified tarball)
echo "7ccfc6abd01ed67c1a0924b353e526f1b766b21f42d4562ee635a8ebfc5bb3\
8c cyrus-sasl-2.1.28.tar.gz" | sha256sum -c
# Extract the source
mkdir -p -m 0700 ~/src
cd ~/src
find -maxdepth 1 -type d -name "cyrus-sasl-*" -exec rm -r {} \;
tar xzvf ~/cyrus-sasl-2.1.28.tar.gz
cd cyrus-sasl-2.1.28
test $UID = 0 && chown -R root:root .
# Read through docs locally
# 'lynx doc/legacy/index.html'
# or
# Cyrus SASL 2.1.28
# See the output of './configure --help' for the many options
# If you want to let it figure out what you have installed and use the
# defaults for everything, just run ./configure
# There is an auxprop plugin for LDAP at www.surf.org.uk that should give
# you CRAM-MD5, DIGEST-MD5, etc. but I have not used it in years.
#
# There is now also a LDAPDB auxprop plugin, see below. You can use it
# for apps to use SASL, and SASL to use LDAP (instead of PAM, shadow,
# SASLDB, etc.). You would do this via 'saslauthd -a ldap'. It requires
# OpenLDAP with SASL support, so you'll probably want to build SASL first
# without LDAP, then OpenLDAP with SASL, then SASL again with LDAPDB.
# If you want to enable SQL support, pass --enable-sql to configure
#
# You probably don't want to enable it if you will not actually be using
# it, because you will get loads of log entries like this:
# sql_select option missing
# auxpropfunc error no mechanism available
# _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
# After installation, to quiet those (and remove SQL support), remove
# the libsql.* files in your plugin directory (i.e.
# /usr/lib*/sasl2/libsql.*).
#
# If you want to enable MySQL support specifically, that is the default,
# that will be used as long as libmysqlclient is installed and available.
#
# If you want to enable SQLite support, add --with-sqlite3=path (or
# --with-sqlite if not 3.x) in addition to --enable-sql
# If you have OpenLDAP installed, but you don't want to build saslauthd with
# direct LDAP support, use --without-ldap
#
# If you want to use the LDAPDB auxprop plugin, in addition to --with-ldap,
# also pass --enable-ldapdb
# If you use PAM for system tools but do not want to use it for SASL
# authentication, use --without-pam
# If you want to build SASL with support for mechs like SCRAM, OTP, SRP,
# NTLM, and PASSDSS, build it with OpenSSL support. If yours is installed
# from source under the < 1.1.0 /usr/local/ssl prefix, pass
# --with-openssl=/usr/local/ssl to configure and you may also need this
# before configure:
# CPPFLAGS=-I/usr/local/ssl/include LDFLAGS=-L/usr/local/ssl/lib \
#
# If you are running 64-bit ('uname -m' = x86_64), make sure you use
# /usr/lib64 or /usr/local/lib64 for --libdir and --with-plugindir
# (and LDFLAGS if needed)
## Match Slackware's paths:
## ** and don't forget to use /usr/lib64 if 64-bit **
# ./configure --prefix=/usr --sysconfdir=/etc --with-configdir=/etc/sasl2 \
# --docdir=/usr/doc/cyrus-sasl --libdir=/usr/lib --mandir=/usr/man \
# --localstatedir=/var --with-plugindir=/usr/lib/sasl2
## If you use --without-openssl, also pass --without-des or you may get
## something like this when compiling:
# auth_getpwent.c:57:20: fatal error: des.h: No such file or directory
## If no matter what is installed, you want just LOGIN and PLAIN for use
## with 'saslauthd -a shadow', no SASLDB, no other mechs, no PAM, no LDAP,
## no OpenSSL, use the Slackware paths one above as a base, and add these:
# --without-openssl --without-des --with-dblib=none --without-pam \
# --without-ldap --disable-checkapop --disable-cram --disable-digest \
# --disable-scram --disable-otp --disable-krb4 --disable-gssapi \
# --disable-anon --enable-login
# If you are 64-bit, want MySQL/MariaDB and not PostgreSQL, and it is
# installed under /usr/local/mysql, you probably need
# LDFLAGS=-L/usr/local/mysql/lib64 before configure, and --enable-sql
# --with-mysql=/usr/local/mysql
# Become root to back up files, clean up files, and to install it
su
# Back up your sendmail SASL configuration, if you have one
# If you have more than one, it will only back up the first
test ! -d /root/backup/sendmail && mkdir -p -m 0700 /root/backup/sendmail
BACKUPFILE=/root/backup/sendmail/Sendmail.conf-$(date +%Y%m%d)
for confdir in /etc/sasl2 /usr/local/etc;
do
test -f ${confdir}/Sendmail.conf &&
test ! -f $BACKUPFILE &&
cp -a ${confdir}/Sendmail.conf $BACKUPFILE
done
unset BACKUPFILE
# From this point on, really keep in mind what you've got running. If you
# have 10,000 users that are authenticating via SASL, you probably don't
# want to just stop saslauthd and blow away old files as done below :-)
# If linked with shared libraries, you will need to restart anything you've
# got running that uses SASL: sendmail, Cyrus IMAP, Apache, Samba, etc. Any
# daemon running that is linked with libsasl2.so may go crazy before you
# restart that. Check 'lsof /usr/lib*/libsasl2.*' for an idea. If you can,
# shut down everything using SASL, then re-start them after 'make install'
# below.
# If saslauthd is running, stop it
test -x /etc/rc.d/rc.saslauthd && /etc/rc.d/rc.saslauthd stop
sleep 2
killall saslauthd
sleep 2
killall -9 saslauthd
# Remove the Slackware package
test -x /sbin/removepkg && /sbin/removepkg cyrus-sasl
# Remove old files to ensure no conflicts between multiple installed
# versions. This will zap anything like sendmail's SASL configuration
# file: Sendmail.conf
rm -f /etc/rc.d/rc.saslauthd
test -d /etc/sasl2 && rm -r /etc/sasl2
for pfx in /usr /usr/local;
do
test -d ${pfx}/include/sasl && rm -r ${pfx}/include/sasl
test -L ${pfx}/lib/sasl2 && rm -f ${pfx}/lib/sasl2
test -L ${pfx}/lib64/sasl2 && rm -f ${pfx}/lib64/sasl2
test -d ${pfx}/lib/sasl2 && rm -r ${pfx}/lib/sasl2
test -d ${pfx}/lib64/sasl2 &&
( rm -r ${pfx}/lib64/sasl2
rm ${pfx}/lib/pkgconfig/libsasl2.pc )
test -d ${pfx}/man/man8 &&
( cd ${pfx}/man/man8
rm -f pluginviewer.8 sasldblistusers2.8 saslpasswd2.8 )
( cd ${pfx}/sbin
rm -f pluginviewer saslauthd sasldblistusers2 saslpasswd2 testsaslauthd )
test -d ${pfx}/lib64 && rm -f ${pfx}/lib64/libsasl2.*
rm -f ${pfx}/lib/libsasl2.* /usr/man/man3/sasl_*.3
done
test -d /var/state/saslauthd && rm -r /var/state/saslauthd
rm -f /var/man/cat8/saslauthd.8.xz
# Install the newly built Cyrus SASL
make install
ldconfig
# The shared library is libsasl2.so.3.0.0 If you have anything linked
# with libsasl2.so.2, this Band-aid may or may not work until you
# recompile it:
for libdir in /usr/lib64 /usr/lib /usr/local/lib64 /usr/local/lib;
do
test -f ${libdir}/libsasl2.so &&
test ! -L ${libdir}/libsasl2.so.2 &&
ln -s ${libdir}/libsasl2.so ${libdir}/libsasl2.so.2 &&
ldconfig
done
# If you use saslauthd, create these directories:
test ! -d /etc/sasl2 && mkdir -p /etc/sasl2
test ! -d /var/state/saslauthd && mkdir -p /var/state/saslauthd
# Put your sendmail sasl config file back, if you have one
for sasldir in /etc/sasl2 /usr/local/etc;
do
test -d $sasldir &&
test ! -f ${sasldir}/Sendmail.conf &&
test -f /root/backup/sendmail/Sendmail.conf-$(date +%Y%m%d) &&
cp -a /root/backup/sendmail/Sendmail.conf-$(date +%Y%m%d) \
${sasldir}/Sendmail.conf
done
# To start saslauthd on boot-up, Slackware will run /etc/rc.d/rc.saslauthd
# (from rc.M) if it exists and is executable. Open it up and set it to use
# '-a shadow', '-a pam', '-a ldap' or whatever you'll be using. See
# 'man saslauthd' for other options. If you do let saslauthd get started
# out of rc.saslauthd via rc.M, make sure your SASL-using apps like sendmail
# and Cyrus IMAP get started after saslauthd does. Run this blurb to get a
# sample rc.saslauthd from me, or find one on ftp.slackware.com in
# /pub/slackware/slackware-current/source/n/cyrus-sasl/
cd /etc/rc.d
test -f rc.saslauthd &&
( mv -f rc.saslauthd rc.saslauthd.old ; chmod 600 rc.saslauthd.old )
wget -nc http://englanders.us/pub/linux/misc/rc.saslauthd
chmod 700 rc.saslauthd
## If your system doesn't run rc.saslauthd out of rc.M, add something like
## this to /etc/rc.d/rc.local (before SASL-using apps start):
# if [ -x /etc/rc.d/rc.saslauthd ]; then
# /etc/rc.d/rc.saslauthd start
# fi
# As of SASL 2.1.13, there's a -c option for caching authentication
# credentials. If you run a busy system, you'll probably want to use this.
## If you built it with PAM...
## Put something like this in /etc/pam.d/smtp for sendmail. Create a
## /etc/pam.d/imap, /etc/pam.d/pop, and a /etc/pam.d/sieve for Cyrus IMAP.
# #%PAM-1.0
# auth sufficient /lib/security/pam_ldap.so
# auth required /lib/security/pam_unix_auth.so try_first_pass
# account sufficient /lib/security/pam_ldap.so
# account required /lib/security/pam_unix_acct.so
## If you built it with LDAP support...
## If you want to use a different /etc/ldap.conf (nss/pam_ldap config)
## for SMTP auth (and/or Cyrus logins), you can replace the first line above
## with something like this (and cp /etc/ldap.conf to /etc/ldap.conf.smtp)
# auth sufficient /lib/security/pam_ldap.so config=/etc/ldap.conf.smtp
# If you're going to use saslauthd with sendmail...
# Create a /usr/lib*/sasl2/Sendmail.conf, if you don't already have one:
test -d /etc/sasl2 &&
( test ! -f /etc/sasl2/Sendmail.conf &&
echo "pwcheck_method: saslauthd" > /etc/sasl2/Sendmail.conf )
test ! -d /etc/sasl2 &&
( test ! -f /usr/local/etc/Sendmail.conf &&
echo "pwcheck_method: saslauthd" > /usr/local/etc/Sendmail.conf )
## If you're going to use saslauthd with Cyrus IMAP...
## Put this in /etc/imapd.conf
# sasl_pwcheck_method: saslauthd
# If you use SASLDB and not saslauthd, use "pwcheck_method: auxprop" for
# /etc/sasl2/Sendmail.conf or /usr/local/etc/Sendmail.conf depending on
# your --sysconfdir and use "sasl_pwcheck_method: auxprop" in
# /etc/imapd.conf if you are using Cyrus IMAP with SASLDB.
#
# Also make sure that the other software can read the /etc/sasldb2 file
# If you want both Cyrus IMAP and sendmail to be able to access it, for
# example, you can create a group and add your cyrus and sendmail (daemon)
# users to it, then make the sasldb2 file group-owned by that group and
# change permissions to g+r
#
# See 'man saslpasswd2' for info about creating/updating users in
# /etc/sasldb2 and 'man sasldblistusers2' for info about listing them.
# If you run saslauthd with "-a ldap", create /etc/saslauthd.conf or
# /usr/local/etc/saslauthd.conf if you use the /usr/local prefix
test ! -f /etc/saslauthd.conf &&
cat << EOF > /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1/ ldap://192.168.0.123/
ldap_search_base: ou=people,dc=foo,dc=org
ldap_default_domain: foo.org
EOF
# (Re-)start saslauthd
test -x /etc/rc.d/rc.saslauthd && /etc/rc.d/rc.saslauthd restart
# Become yourself again
exit
# Save tarball for later
cd
mkdir -p -m 0700 installed
rm -f installed/cyrus-sasl-*.tar.*
mv cyrus-sasl-2.1.28.tar.gz installed/
# If you ever need to uninstall Cyrus SASL, after reconfiguring/rebuilding
# apps that use it to stop doing so, run this. If you have the source (and
# configure has been run), the 'make uninstall' part should do it. The rest
# is to make sure it's really all gone.
cd
su
test -d src/cyrus-sasl-2.1.28 &&
( cd src/cyrus-sasl-2.1.28 ; make uninstall )
find src -maxdepth 1 -type d -name "cyrus-sasl-*" -exec rm -r {} \;
test -x /etc/rc.d/rc.saslauthd && /etc/rc.d/rc.saslauthd stop
sleep 2
killall saslauthd
sleep 2
killall -9 saslauthd > /dev/null 2>&1
test -L /usr/lib/sasl2 && rm /usr/lib/sasl2
for pfx in /usr /usr/local;
do
find ${pfx}/doc -maxdepth 1 -type d -name "cyrus-sasl-*" -exec rm -r {} \;
test -d ${pfx}/doc/cyrus-sasl && rm -r ${pfx}/doc/cyrus-sasl
test -d ${pfx}/include/sasl && rm -r ${pfx}/include/sasl
test -d ${pfx}/lib/pkgconfig && rm -f ${pfx}/lib/pkgconfig/libsasl2.pc
test -d ${pfx}/lib/sasl2 && rm -r ${pfx}/lib/sasl2
test -d ${pfx}/lib64 && rm -f ${pfx}/lib64/libsasl2.*
test -d ${pfx}/lib64/pkgconfig && rm -f ${pfx}/lib64/pkgconfig/libsasl2.pc
test -d ${pfx}/lib64/sasl2 && rm -r ${pfx}/lib64/sasl2
( cd ${pfx}/lib ; rm -f libsasl2.* )
( cd ${pfx}/man/cat3 ; rm -f sasl_*.3 sasl.3 )
( cd ${pfx}/man/cat8
rm -f pluginviewer.8 saslauthd.8 sasldblistusers2.8 saslpasswd2.8 )
( cd ${pfx}/man/man3 ; rm -f sasl_*.3 sasl.3 )
( cd ${pfx}/man/man8
rm -f pluginviewer.8 saslauthd.8 sasldblistusers2.8 saslpasswd2.8 )
( cd ${pfx}/sbin
rm -f pluginviewer saslauthd sasldblistusers2 testsaslauthd )
done
test -d /etc/sasl2 && rm -r /etc/sasl2
test -d /var/state/saslauthd && rm -r /var/state/saslauthd
rm -f /etc/rc.d/rc.saslauthd
exit
find ~/src -maxdepth 1 -type d -name "cyrus-sasl-*" -exec rm -r {} \;
rm -f ~/installed/cyrus-sasl-*.tar.*