some fixes; debug for missing

[inn-innduct.git] / doc / man / sasl.conf.5

.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.if \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.\"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "SASL.CONF 5"
.TH SASL.CONF 5 "2008-04-06" "INN 2.4.5" "InterNetNews Documentation"
.SH "NAME"
sasl.conf \- SASL Configuration file for nnrpd.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The file \fIsasl.conf\fR in \fIpathetc\fR specifies Simple Authentication
and Security Layer (\s-1SASL\s0), defined in \s-1RFC\s0 2222, for nnrpd.
Now nnrpd implements only Security Layer support, which is an extension
of \s-1RFC\s0 2595. This means you can get \s-1SSL\s0 or \s-1TLS\s0 encrypted \s-1NNRP\s0 between
your server and newsreaders. It requires OpenSSL 0.9.3 or newer from
http://www.openssl.org/; it has been tested with versions 0.9.4 and 0.9.5.
.SH "INSTALLATION"
.IX Header "INSTALLATION"
To use \s-1SSL\s0, a certificate and private key are needed that you can
create using the openssl binary. 
Make certain that each keys are owned by your news user, news group,
and are mode 0640 or 0660.
.Sh "\s-1EXAMPLE\s0"
.IX Subsection "EXAMPLE"
.Vb 4
\&   openssl req \-new \-x509 \-nodes \-out /usr/local/news/lib/cert.pem\e
\&    \-days 366 \-keyout /usr/local/news/lib/cert.pem
\&   chown news:news /usr/local/news/lib/cert.pem
\&   chmod 640 /usr/local/news/lib/cert.pem
.Ve
.PP
You also can make the keys as the root user with \f(CW\*(C`make cert\*(C'\fR.
.SH "CONFIGURATION"
.IX Header "CONFIGURATION"
Comments begin with a number  sign  (\f(CW\*(C`#\*(C'\fR)  and  continue through the 
end of the line.  Blank lines and comments are ignored.
All other lines specify parameters, and should be of the form
.PP
.Vb 1
\&    <option>: <value>
.Ve
.PP
where <option> is the name of the configuration option being set and
<value> is the value that the configuration option is being set to.
.PP
Blank lines and lines beginning with (\f(CW\*(C`#\*(C'\fR) are ignored.
For boolean options, the values  \f(CW\*(C`yes\*(C'\fR,  \f(CW\*(C`on\*(C'\fR,  \f(CW\*(C`t\*(C'\fR,
and  \f(CW1\fR turn the option on; the values \f(CW\*(C`no\*(C'\fR, \f(CW\*(C`off\*(C'\fR,
\&\f(CW\*(C`f\*(C'\fR, and \f(CW0\fR turn the option off.
.IP "tls_cert_file" 4
.IX Item "tls_cert_file"
The path to a file containing the server's certificate.
.IP "tls_key_file" 4
.IX Item "tls_key_file"
The path to a file containing the server's private key.
.IP "tls_ca_path" 4
.IX Item "tls_ca_path"
The path to a directory containing the \s-1CA\s0's certificate.
.IP "tls_ca_file" 4
.IX Item "tls_ca_file"
The path to a file containing the \s-1CA\s0's certificate.
.SH "TO DO"
.IX Header "TO DO"
Implement methods of the authentication protocols of \s-1SASL\s0.
.SH "HISTORY"
.IX Header "HISTORY"
Written by Kenichi \s-1OKADA\s0 <okada@opaopa.org> for InterNetNews.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIinn.conf\fR\|(5), \fIinnd\fR\|(8), \fInnrpd\fR\|(8), \fIreaders.conf\fR\|(5)