Description
saslpasswd2 is used by a server administrator to set a user's SASL password for server programs and SASL mechanisms which use the standard libsasl database of user secrets. By default it creates, modifies and disables users in a sasldb 5 database. Given an optional configuration file (see: saslpasswd.conf 5) it can also edit other authentication backends.
Options
The following command line parameters are available:
- -p
- This option instructs saslpasswd2 to work in pipe mode. It will neither prompt for the password nor verify that it was entered correctly. This is the default when standard input is not a terminal.
- -c
- Creates an entry for the user if the user doesn't already exist. This is mutually exclusive with the -d option.
- -d
- Deletes the entry for the user. This is mutually exclusive with the -c option.
- -n
- Don't set the plaintext userPassword property for the user. Only mechanism-specific secrets will be set (e.g. OTP, SRP)
- -u domain (default: system FQDN hostname)
- Use domain to set user domain property (realm).
- -f file
- Create sasldb database at specified location. If not specified the default location (/etc/sasldb2) will be used.
- -a appname
- Optionally use appname to set the application name property.
- -v
- Print libsasl 5 version number and exit.
Example
Creating a user:
#
A configuration that lets saslpasswd2 create, modify and disable users in a MySQL server:
# GENERIC options
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain cram-md5 digest-md5
log_level: 1
# SQL auxprop plugin options
sql_engines: mysql
sql_hostnames: 127.0.0.1
sql_user: sasl
sql_passwd: secret
sql_database: sasl
sql_select: SELECT %p FROM user WHERE username = '%u' AND userrealm = '%r'
sql_insert: INSERT INTO user (id, username, userrealm, %p) VALUES ('', '%u', '%r', '%v')
sql_update: UPDATE user SET `%p` = '%v' WHERE username = '%u' AND userrealm = '%r'