Codebase list cyrus-sasl2 / debian/2.1.25.dfsg1-5 debian / doc / sql.5.xml
debian/2.1.25.dfsg1-5

Tree @debian/2.1.25.dfsg1-5 (Download .tar.gz)

sql.5.xml @debian/2.1.25.dfsg1-5raw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<refentry id="auxprop-sql.5">
  <refentryinfo>
    <title>Cyrus SASL sql auxprop plugin</title>
  </refentryinfo>

  <refmeta>
    <refentrytitle>sql</refentrytitle>

    <manvolnum>5</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>sql</refname>

    <refpurpose>auxiliary property plugin</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para>Cyrus SASL auxprop plugin to access sql authentication
    backends.</para>
  </refsynopsisdiv>

  <refsection>
    <title>Description</title>

    <para>This document describes configuration options for the Cyrus SASL
    auxiliary property plugin <option>sql</option>.</para>

    <para><option>sql</option> is a generic plugin for various SQL backends.
    Currently it provides access to either MySQL, PostgreSQL or SQLite
    databases.</para>

    <note>
      <para>The plugin requires that passwords in the database are stored in
      plaintext format in order to use shared-secret mechanisms.</para>
    </note>
  </refsection>

  <refsection>
    <title>Configuration Syntax</title>

    <para>The following syntax is mandatory for <option>sql</option> plugin
    configuration:</para>

    <itemizedlist>
      <listitem>
        <para>SQL statements specified with <parameter>sql_select</parameter>,
        <parameter>sql_select</parameter> and
        <parameter>sql_select</parameter> must not be enclosed in
        quotes.</para>
      </listitem>

      <listitem>
        <para>Macros, e.g. <option>%u</option>, <option>%r</option> and
        <option>%v</option>, specified within SQL statements must be quoted
        individually.</para>
      </listitem>
    </itemizedlist>

    <para>See <xref linkend="example" /> for a valid configuration
    example.</para>
  </refsection>

  <refsection>
    <title>Options</title>

    <para>The following configuration parameters are applicable in the context
    of the <option>sql</option> plugin:</para>

    <variablelist>
      <varlistentry>
        <term><parameter>sql_engine</parameter> (default:
        <option>mysql</option>)</term>

        <listitem>
          <para>Specifies the type of SQL engine to use for connections to the
          SQL backend. The following types are available:</para>

          <variablelist>
            <varlistentry>
              <term><option>mysql</option></term>

              <listitem>
                <para>Enables the mysql driver for connections to a MySQL
                server.</para>
              </listitem>
            </varlistentry>

            <varlistentry>
              <term><option>pgsql</option></term>

              <listitem>
                <para>Enables the pgsql driver for connections to a PostgreSQL
                server.</para>
              </listitem>
            </varlistentry>

            <varlistentry>
              <term><option>sqlite</option></term>

              <listitem>
                <para>Enables the sqlite driver for connections to a SQLite
                server.</para>
              </listitem>
            </varlistentry>
          </variablelist>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>sql_hostnames</parameter> (default: empty)</term>

        <listitem>
          <para>A comma-separated list of one or more SQL servers the plugin
          should try to connect to and query from. Specify servers separated
          in <literal>hostname[:port]</literal> format.</para>

          <note>
            <para>Specify <systemitem class="server">localhost</systemitem>
            when using the MySQL engine to communicate over a UNIX domain
            socket and <systemitem class="ipaddress">127.0.0.1</systemitem> to
            attempt a connection that uses a TCP socket.</para>
          </note>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>sql_user</parameter> (default empty)</term>

        <listitem>
          <para>Configures the username the plugin will send when it
          authenticates to the SQL server.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>sql_passwd</parameter> (defaults: empty)</term>

        <listitem>
          <para>Configures the password the plugin will send when it
          authenticates to the SQL server.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>sql_database</parameter> (default: empty)</term>

        <listitem>
          <para>Specifies the name of the database which contains auxiliary
          properties (e.g. username, realm, password etc.)</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>sql_select</parameter> (default: empty)</term>

        <listitem>
          <para>Mandatory <literal>SELECT</literal> statement used to fetch
          properties from the SQL database.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>sql_insert</parameter> (default: empty)</term>

        <listitem>
          <para>Optional <literal>INSERT</literal> statement used to create
          properties for new users in the SQL database.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>sql_update</parameter> (default: empty)</term>

        <listitem>
          <para>Optional <literal>UPDATE</literal> statement used to modify
          properties in the SQL database.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>sql_usessl</parameter> (default:
        <option>no</option>)</term>

        <listitem>
          <para>Specify either <option>yes</option>, <option>on</option>,
          <option>1</option> or <option>true</option>, and the plugin will try
          to establish a secure connection to the SQL server.</para>

          <remark>Does this really work? I remember it doesn't ...</remark>
        </listitem>
      </varlistentry>
    </variablelist>

    <refsection>
      <title>Macros</title>

      <para>The sql plugin provides macros to build
      <parameter>sql_select</parameter>, <parameter>sql_select</parameter> and
      <parameter>sql_select</parameter> statements. They will be replaced with
      arguments sent from the client. The following macros exist:</para>

      <variablelist>
        <varlistentry>
          <term>%u</term>

          <listitem>
            <para>The name of the user whose properties are being selected,
            inserted or updated.</para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>%p</term>

          <listitem>
            <para>The name of the property being selected, inserted or
            updated. While this could technically be anything, Cyrus SASL will
            try <parameter>userPassword</parameter> and
            <parameter>cmusaslsecret<replaceable>MECHNAME</replaceable></parameter>
            (where <replaceable>MECHNAME</replaceable> is the name of a SASL
            mechanism).</para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>%r</term>

          <listitem>
            <para>Name of the realm to which the user belongs. This could be
            the KERBEROS realm, the FQDN of the computer the SASL application
            is running on or whatever is after the @ on a username.</para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>%v</term>

          <listitem>
            <para>Value of the property being stored during insert or update
            operations. While this could technically be anything depending on
            the property itself, it generally is a
            <parameter>userPassword</parameter>.</para>
          </listitem>
        </varlistentry>
      </variablelist>
    </refsection>
  </refsection>

  <refsection id="example">
    <title>Example</title>

    <para>The following example shows a typical <option>sql</option>
    configuration:</para>

    <programlisting>pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: pgsql
sql_hostnames: 127.0.0.1, 192.0.2.1
sql_user: username
sql_passwd: secret
sql_database: company
sql_select: SELECT password FROM users WHERE user = '%u'@'%r'</programlisting>
  </refsection>

  <refsection>
    <title>See also</title>

    <para><citerefentry>
        <refentrytitle>authdaemond</refentrytitle>

        <manvolnum>5</manvolnum>
      </citerefentry>, <citerefentry>
        <refentrytitle>ldapdb</refentrytitle>

        <manvolnum>5</manvolnum>
      </citerefentry>, <citerefentry>
        <refentrytitle>libsasl</refentrytitle>

        <manvolnum>5</manvolnum>
      </citerefentry>, <citerefentry>
        <refentrytitle>saslauthd</refentrytitle>

        <manvolnum>8</manvolnum>
      </citerefentry>, <citerefentry>
        <refentrytitle>saslauthd.conf</refentrytitle>

        <manvolnum>5</manvolnum>
      </citerefentry>, <citerefentry>
        <refentrytitle>saslpasswd2</refentrytitle>

        <manvolnum>5</manvolnum>
      </citerefentry>, <citerefentry>
        <refentrytitle>sasldblistusers2</refentrytitle>

        <manvolnum>5</manvolnum>
      </citerefentry>, <citerefentry>
        <refentrytitle>sasldb</refentrytitle>

        <manvolnum>5</manvolnum>
      </citerefentry>, <citerefentry>
        <refentrytitle>sql</refentrytitle>

        <manvolnum>5</manvolnum>
      </citerefentry></para>
  </refsection>

  <refsection>
    <title>Readme files</title>

    <para><filename>README.Debian</filename></para>
  </refsection>

  <refsection>
    <title>Author</title>

    <para>This manual was written for the Debian distribution because the
    original program does not have a manual page. Parts of the documentation
    have been taken from the Cyrus SASL's
    <filename>options.html</filename>.</para>

    <para><address>Patrick Ben Koetter
<email>p@state-of-mind.de</email></address></para>
  </refsection>
</refentry>