Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
litespeed_wiki:lsmcd:new_sasl [2019/08/22 22:48] qtwrk |
litespeed_wiki:lsmcd:new_sasl [2019/11/07 22:07] Robert Perper [Create and Configure a User Database] |
||
|---|---|---|---|
| Line 28: | Line 28: | ||
| ==== Create and Configure a User Database ==== | ==== Create and Configure a User Database ==== | ||
| - | A user database is required. The recommended method uses saslauthd, which is provided as part of Cyrus SASL to create a sasldb managed database. In prior versions there was only the MEMCACHED_SASL_PWDB environment variable method. | + | A user database is required. The recommended method uses Cyrus SASL to create a sasldb managed database. Note that you become the security administrator for these accounts. |
| - | No matter the method you choose, you become the security administrator for these accounts. | ||
| - | |||
| - | === Option #1 (Recommended): sasldb Managed Database === | ||
| A sasldb database is typically stored in ''/etc/sasldb2'' and is managed using the saslpasswd2 program. You must be root to manage users with saslpasswd2. | A sasldb database is typically stored in ''/etc/sasldb2'' and is managed using the saslpasswd2 program. You must be root to manage users with saslpasswd2. | ||
| Line 39: | Line 36: | ||
| You can use either the simple user name or the realm qualified name visible in ''sasldblistusers2'' (the name with the ''@hostname'' appended to it). Note that for user managed data it will use the name specified (which means the realm qualified and unqualified names will be separate). | You can use either the simple user name or the realm qualified name visible in ''sasldblistusers2'' (the name with the ''@hostname'' appended to it). Note that for user managed data it will use the name specified (which means the realm qualified and unqualified names will be separate). | ||
| - | === Option #2: MEMCACHED_SASL_PWDB Environment Variable === | ||
| - | If there is no ''MEMCACHED_SASL_PWDB'' defined, then the default SASL database is ''/etc/sasl/sasldb.conf'' and will be used if it exists. To specify the location of the SASL database, export the ''MEMCACHED_SASL_PWDB'' environment variable, which is active when LSMCD is started. | ||
| - | |||
| - | If, for example, you create a file named ''/etc/sasl/sasldb.conf'' you would need to export ''MEMCACHED_SASL_PWDB=/etc/sasl/sasldb.conf'' before starting LSMCD. It is considered good practice to have this file owned by the LSMCD user and readable by only that user (''chmod 600''). | ||
| - | |||
| - | Each line in your user database is a user name, a colon ('':''), and a password. For example if you had two users (user and sasluser) you might create a ''/etc/sasl/sasldb.conf'' with the following lines in it: | ||
| - | |||
| - | user:password | ||
| - | sasluser:saslpassword | ||
| - | |||
| - | You will also need to create a SASL Configuration File if you are using this method. | ||
| - | |||
| - | == Create and Configure a SASL Configuration File == | ||
| - | |||
| - | A SASL configuration file must be given one of the following names: ''/etc/sasl/memcached.conf'', ''/tmp/memcached.conf'' or it may be saved to any file or location that you wish via the ''SASL_CONF_PATH'' environment variable. Note that this environment variable must be set in the system environment or in the environment where you started LSMCD (using lsmcdctrl). Regardless of its name or location the LSMCD user must have read permission to access your configuration file. | ||
| - | |||
| - | As of v1.2, there is only one parameter and value supported: | ||
| - | mech_list: PLAIN | ||
| - | | ||
| - | Other SASL parameters can be specified in this file however, they are not supported by LSMCD and will generally be ignored. | ||
| ==== Configure for PHP ==== | ==== Configure for PHP ==== | ||