Description
saslpasswd2 is used by a server administrator to set a user's SASL password for server programs and SASL mechanisms which use the standard libsasl database of user secrets. By default it creates, modifies and disables users in a sasldb(5) database. Given an optional configuration file (see: saslpasswd.conf(5)) it can also edit other authentication backends.
Options
The following command line parameters are available:
- -p
- This option instructs saslpasswd2 to work in pipe mode. It will neither prompt for the password nor verify that it was entered correctly. This is the default when standard input is not a terminal.
- -c
- Creates an entry for the user if the user doesn't already exist. This is mutually exclusive with the -d option.
- -d
- Deletes the entry for the user. This is mutually exclusive with the -c option.
- -n
- Don't set the plaintext userPassword property for the user. Only mechanism-specific secrets will be set (e.g. OTP, SRP).
- -u domain (default: system FQDN hostname)
- Use domain to set user domain property (realm).
- -f file
- Create sasldb database at specified location. If not specified the default location (/etc/sasldb2) will be used.
- -a appname
- Optionally use appname to set the application name property.
- -v
- Print libsasl(5) version number and exit.
Example
Creating a user:
#
A configuration that lets saslpasswd2 create, modify and disable users in a MySQL server:
    # GENERIC options
    pwcheck_method: auxprop
    auxprop_plugin: sql
    mech_list: plain cram-md5 digest-md5
    log_level: 1

    # SQL auxprop plugin options
    sql_engines: mysql
    sql_hostnames: 127.0.0.1
    sql_user: sasl
    sql_passwd: secret
    sql_database: sasl
    sql_select: SELECT %p FROM user WHERE username = '%u' AND userrealm = '%r'
    sql_insert: INSERT INTO user (id, username, userrealm, %p) VALUES ('', '%u', '%r', '%v')
    sql_update: UPDATE user SET `%p` = '%v' WHERE username = '%u' AND userrealm = '%r'
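The following sketch is an added example, not code from Cyrus SASL or from this page. It expands the three statement templates above for one constructed account, which makes visible that the cleartext password lands in the userPassword column unless -n is given. Assumptions: the macro meanings (%u user, %r realm, %p property name, %v property value) follow the Cyrus SASL SQL auxprop documentation, and `sql_quote` is a hypothetical, simplified stand-in for the database client's own string escaping.

```python
# Added illustration; not Cyrus SASL code.
import re

# Statement templates copied from the configuration above.
TEMPLATES = {
    "sql_select": "SELECT %p FROM user WHERE username = '%u' AND userrealm = '%r'",
    "sql_insert": "INSERT INTO user (id, username, userrealm, %p) "
                  "VALUES ('', '%u', '%r', '%v')",
    "sql_update": "UPDATE user SET `%p` = '%v' "
                  "WHERE username = '%u' AND userrealm = '%r'",
}


def sql_quote(value):
    """Hypothetical, simplified stand-in for the client library's escaping."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def expand(template, user, realm, prop, value=""):
    """Substitute %u, %r, %p and %v in a single pass over the template.

    A single pass means macro-like text inside a value (for example a
    password containing "%u") is never expanded a second time.
    """
    macros = {"u": sql_quote(user), "r": sql_quote(realm),
              "p": prop, "v": sql_quote(value)}
    return re.sub(r"%([urpv])", lambda m: macros[m.group(1)], template)


def statements(user, realm, prop="userPassword", value=""):
    """Return every configured statement expanded for one property."""
    return {name: expand(tpl, user, realm, prop, value)
            for name, tpl in TEMPLATES.items()}


if __name__ == "__main__":
    # Constructed sample account, not taken from the page.
    for name, stmt in statements("alice", "example.com", value="s3cret").items():
        print(f"{name}: {stmt}")
```
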