Authentication/saslauthd.conf.in

Revision as of 11:22, 30 March 2015 by Jorge de la Cruz (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

saslauthd.conf.in

/opt/zimbra/cyrus-sasl/docs/saslauthd-sample.conf


# sample saslauthd configuration file for zimbra
# 

# lines beginning with `#' are treated as comments
# 

# directive -   zimbra_url
# type      -   string
# notes     -   mandatory
# 
# the url, or a whitespace-separated list of urls that identify the zimbra
# authentication service. The urls in this list will be used by saslauthd in a
# round-robin fashion, starting with the first url in the list. If a url is 
# not accessible, it will be removed from the list for an interval of time
# specified against the `zimbra_retry_interval' directive
# 
zimbra_url: http://localhost:7070/service/soap/

# directive -   zimbra_cert_check
# type      -   boolean (0/1) (y/n) (on/off) (t/f)
# notes     -   optional, default (on for curl >7.10, off for curl <7.10)
# 
# if any url specified against zimbra_url is secure (https://), then this
# directive indicates whether the authenticity of the server's certificate 
# should be verified or not, and also whether the server's certificate has 
# been issued to the server. the server is the host identified by the url
# the default value is on, unless curl is at version less than 7.10, in 
# which case, the default value is off
# 
zimbra_cert_check: off

# directive -   zimbra_cert_file
# type      -   string
# notes     -   optional
# 
# if zimbra_cert_check is on, then this file indicates the name of a file
# holding one or more certificates to verify the server with.
# if zimbra_cert_check is off, then this parameter is ignored
# 
zimbra_cert_file: /opt/zimbra/conf/smtpd.crt

# directive -   zimbra_retry_interval
# type      -   integer
# notes     -   optional, default 600
# In case zimbra_url is a list of urls to be used for authentication, and if 
# one of those urls could not be reached when its turn arrived by round-robin,
# then `zimbra_retry_interval' specifies the amount of time, in seconds, that 
# saslauthd will wait before considering that url for authentication by
# round-robin (this value defaults to 600 seconds)
# 
zimbra_retry_interval: 600

# directive -   zimbra_connect_timeout
# type      -   integer
# notes     -   optional, default 15
# 
# the maximum amount of time, in seconds, that a connection to a url is 
# allowed to take. if a url (from the round-robin list) takes longer than 
# this time to respond to a connection, then saslauthd will give up and 
# move to the next url in the list, or fail if there are no more urls 
# available in the list (this value defaults to 15 seconds)
# 
zimbra_connect_timeout: 15

# directive -   zimbra_timeout
# type      -   interger
# notes     -   optional, default 45
# 
# the maximum amount of time, in seconds, that a url can take for responding
# to an http request made by saslauthd. if the url takes a longer time to 
# respond, then saslauthd will timeout and move on to the next url in the list,
# or fail if there are no more urls in the list (default 45 seconds)
# 
zimbra_timeout: 45

# directive -   zimbra_dump_xml
# type      -   boolean (0/1) (y/n) (on/off) (t/f)
# notes     -   optional, default 0
# 
# zimbra_dump_xml is useful for diagnostics, and will cause saslauthd to
# print the request and the response body to stdout while communicating with
# an authentication url
# use this option only when saslauthd is being run in debug mode (with the -d
# switch), in normal mode, saslauthd daemonizes and detaches itself from the 
# controlling terminal and its standard input/output/error are redirected
# to /dev/null
# the default value for zimbra_dump_xml is 0, meaning false
# 
zimbra_dump_xml: off

# directive -   zimbra_proxy
# type      -   string
# notes     -   optional
# 
# use this parameter only if saslauthd requires to use a proxy in order to 
# connect to the urls specified in zimbra_url. 
# in most situations, the urls specified against zimbra_url are directly 
# contacted by saslauthd, and therefore zimbra_proxy is not used
# if used, this parameter should specify the proxy host name or dotted IP 
# address. To specify the port number, append :[port] to the end of the 
# host name. Any protocol specified by the [protocol}:// prefix will be ignored
# 
# zimbra_proxy: proxyhost:proxyport

Jump to: navigation, search