Authentication/saslauthd.conf.in
- This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.
saslauthd.conf.in
/opt/zimbra/cyrus-sasl/docs/saslauthd-sample.conf
# sample saslauthd configuration file for zimbra # # lines beginning with `#' are treated as comments # # directive - zimbra_url # type - string # notes - mandatory # # the url, or a whitespace-separated list of urls that identify the zimbra # authentication service. The urls in this list will be used by saslauthd in a # round-robin fashion, starting with the first url in the list. If a url is # not accessible, it will be removed from the list for an interval of time # specified against the `zimbra_retry_interval' directive # zimbra_url: http://localhost:7070/service/soap/ # directive - zimbra_cert_check # type - boolean (0/1) (y/n) (on/off) (t/f) # notes - optional, default (on for curl >7.10, off for curl <7.10) # # if any url specified against zimbra_url is secure (https://), then this # directive indicates whether the authenticity of the server's certificate # should be verified or not, and also whether the server's certificate has # been issued to the server. the server is the host identified by the url # the default value is on, unless curl is at version less than 7.10, in # which case, the default value is off # zimbra_cert_check: off # directive - zimbra_cert_file # type - string # notes - optional # # if zimbra_cert_check is on, then this file indicates the name of a file # holding one or more certificates to verify the server with. # if zimbra_cert_check is off, then this parameter is ignored # zimbra_cert_file: /opt/zimbra/conf/smtpd.crt # directive - zimbra_retry_interval # type - integer # notes - optional, default 600 # In case zimbra_url is a list of urls to be used for authentication, and if # one of those urls could not be reached when its turn arrived by round-robin, # then `zimbra_retry_interval' specifies the amount of time, in seconds, that # saslauthd will wait before considering that url for authentication by # round-robin (this value defaults to 600 seconds) # zimbra_retry_interval: 600 # directive - zimbra_connect_timeout # type - integer # notes - optional, default 15 # # the maximum amount of time, in seconds, that a connection to a url is # allowed to take. if a url (from the round-robin list) takes longer than # this time to respond to a connection, then saslauthd will give up and # move to the next url in the list, or fail if there are no more urls # available in the list (this value defaults to 15 seconds) # zimbra_connect_timeout: 15 # directive - zimbra_timeout # type - interger # notes - optional, default 45 # # the maximum amount of time, in seconds, that a url can take for responding # to an http request made by saslauthd. if the url takes a longer time to # respond, then saslauthd will timeout and move on to the next url in the list, # or fail if there are no more urls in the list (default 45 seconds) # zimbra_timeout: 45 # directive - zimbra_dump_xml # type - boolean (0/1) (y/n) (on/off) (t/f) # notes - optional, default 0 # # zimbra_dump_xml is useful for diagnostics, and will cause saslauthd to # print the request and the response body to stdout while communicating with # an authentication url # use this option only when saslauthd is being run in debug mode (with the -d # switch), in normal mode, saslauthd daemonizes and detaches itself from the # controlling terminal and its standard input/output/error are redirected # to /dev/null # the default value for zimbra_dump_xml is 0, meaning false # zimbra_dump_xml: off # directive - zimbra_proxy # type - string # notes - optional # # use this parameter only if saslauthd requires to use a proxy in order to # connect to the urls specified in zimbra_url. # in most situations, the urls specified against zimbra_url are directly # contacted by saslauthd, and therefore zimbra_proxy is not used # if used, this parameter should specify the proxy host name or dotted IP # address. To specify the port number, append :[port] to the end of the # host name. Any protocol specified by the [protocol}:// prefix will be ignored # # zimbra_proxy: proxyhost:proxyport