Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
litespeed_wiki:lsmcd:new_sasl [2019/11/07 22:07] Robert Perper [Create and Configure a User Database] |
litespeed_wiki:lsmcd:new_sasl [2019/11/07 22:15] Robert Perper [Create and Configure a User Database] |
||
|---|---|---|---|
| Line 35: | Line 35: | ||
| You can use either the simple user name or the realm qualified name visible in ''sasldblistusers2'' (the name with the ''@hostname'' appended to it). Note that for user managed data it will use the name specified (which means the realm qualified and unqualified names will be separate). | You can use either the simple user name or the realm qualified name visible in ''sasldblistusers2'' (the name with the ''@hostname'' appended to it). Note that for user managed data it will use the name specified (which means the realm qualified and unqualified names will be separate). | ||
| + | |||
| + | ==== Creating a User Database Just for LSMCD ==== | ||
| + | The sasldb database must have permissions which allow the LSMCD user read access to it (typically 640 in most environments). Since this allows read access to any user in the root group, this may not meet your security requirements. This can be circumvented by creating a SASL managed database which is accessible only to the LSMCD user. | ||
| + | |||
| + | As above you will use the saslpasswd2 program. However, specify a database name with the `-f` parameter. For example, to create a user `user1` in the `/etc/sasllsmcd` program specify: | ||
| + | ``` | ||
| + | sudo saslpasswd2 -f /etc/sasllsmcd user1 | ||
| + | ``` | ||
| + | Then you will want to make the database owned by the LSMCD user (`nobody` by default) and accessible only to that user: | ||
| + | ``` | ||
| + | sudo chown nobody:nobody /etc/sasllsmcd | ||
| + | sudo chmod 600 /etc/sasllsmcd | ||
| + | ``` | ||
| + | The program `sasllistusers2` also supports the `-f` option. | ||