This document contains information on what options are used by the Cyrus SASL library and bundled mechanisms:
| Option | Used By | Description | Default |
|---|---|---|---|
| auto_transition | SASL Library | When set to 'yes' and when using the sasldb auxprop plugin, automatically transition users to other mechs when they do a successful plaintext authentication | no |
| auxprop_plugin | Auxilliary Property Plugin | Name of auxillary plugin to use | (null) - querys all plugins |
| canon_user_plugin | SASL Library | Name of canon_user plugin to use | INTERNAL |
| keytab | GSSAPI | Location of keytab file | /etc/krb5.keytab (system dependant) |
| mech_list | SASL Library | Whitespace separated list of mechanisms to allow (e.g. 'plain otp'). Used to restrict the mechanisms to a subset of the installed plugins. | all available |
| opiekeys | OTP (with OPIE) | Location of the opiekeys file | /etc/opiekeys |
| otp_mda | OTP (w/o OPIE) | Message digest algorithm for one-time passwords, used by sasl_setpass (possible values: 'md4', 'md5', 'sha1') | md5 |
| plugin_list | SASL Library | Location of Plugin list (Unsupported) | none |
| pwcheck_method | SASL Library | Whitespace separated list of mechanisms used to verify passwords, used by sasl_checkpass (possible values: 'auxprop', 'pwcheck', 'saslauthd', 'alwaystrue') | auxprop |
| reauth_timeout | DIGEST-MD5 | Length in time (in minutes) that authentication info will be cached for a fast reauth. A value of 0 will disable reauth. | 1440 (24 hours) |
| saslauthd_path | SASL Library | Path to saslauthd binary | system dependant |
| sasldb_path | sasldb plugin | Path to sasldb file | /etc/sasldb2 (system dependant) |
| srp_mda | SRP | Message digest algorithm for SRP calculations (possible values: 'md5', 'sha1', 'rmd160') | sha1 | srvtab | KERBEROS_V4 | Location of the srvtab file | /etc/srvtab (system dependant) |