To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Cyrusauth: Difference between revisions

From ZNC
Jump to navigation Jump to search
>Un1matr1x
mNo edit summary
>Domin
Added info on how to enable this module during ./configure
Line 1: Line 1:
{{DISPLAYTITLE:saslauth}}
{{DISPLAYTITLE:saslauth}}
{{Core Module | version = 1.0}}
{{Core Module | version = 1.0}}
This module is intended for admins who run a shell/web/email/etc server and want to provide ZNC access to their existing users. By using this module, when your users login to ZNC - either with their IRC client or via the [[webadmin]] module - their password will be checked against your [http://asg.web.cmu.edu/sasl/sasl-library.html Cyrus SASL library] against whatever password checking backend you configured for SASL instead of the ZNC config file.  
This module is intended for admins who run a shell/web/email/etc server and want to provide ZNC access to their existing users. By using this module, when your users login to ZNC - either with their IRC client or via the [[webadmin]] module - their password will be checked against your [http://asg.web.cmu.edu/sasl/sasl-library.html Cyrus SASL library] against whatever password checking backend you configured for SASL instead of the ZNC config file.
 
'''This module needs to be enabled during compiling with the option --enable-cyrus on the ./configure line'''


== Usage ==
== Usage ==

Revision as of 12:47, 24 November 2012

This module is intended for admins who run a shell/web/email/etc server and want to provide ZNC access to their existing users. By using this module, when your users login to ZNC - either with their IRC client or via the webadmin module - their password will be checked against your Cyrus SASL library against whatever password checking backend you configured for SASL instead of the ZNC config file.

This module needs to be enabled during compiling with the option --enable-cyrus on the ./configure line

Usage

Arguments

This global module takes up to two arguments.

Read loading modules to learn more about loading modules.

Valid argument values are:

  • auxprop - this method uses an libsasl2 "Auxiliary Property" plugin to fetch and check the client-provided password. Normally this results in passwords being checked against sasldb2. Consult the libsasl2 manuals for more information.
  • saslauthd - this method calls out to the saslauthd daemon, which also ships with the libsasl2 distribution. The saslauthd daemon has a number of modules of its own, which allow it to do verification of passwords in a variety of ways, including PAM, LDAP, against a Kerberos database, and so on. This is how you would want to, for example, use the data contained in /etc/shadow to authenticate users, since ZNC would then not need to run as uid root.

If no arguments are given the library default method will be used. At the time of writing (cyrus-sasl-2.1.22) default pwcheck_method is auxprop.

SASL Setup Hint

To be able to do authentication through libsasl2 the ZNC process must have adequate access permissions. Usually it is sufficient to add the user ZNC is running as to the unix group sasl, YMMV. If you have problems authenticating your users through SASL you should check whether ZNC can access

  • for auxprop: your sasldb2 password database file (e.g. in Debian at /etc/sasldb2)
  • for saslauthd: the unix domain socket libsasl2 uses to speak to the daemon (e.g. in Debian at /var/run/saslauthd/mux)

For more information consult the documentation distributed with the Cyrus SASL library or a copy of it via HTTP at sendmail.org. If you still have questions you might want to consult the Cyrus-sasl mailing list archive or join the list yourself.