NAME¶
gsasl - SASL library command line interface
SYNOPSIS¶
gsasl [
OPTIONS]... [
HOST [
PORT]]...
DESCRIPTION¶
GNU SASL 1.8.0
Authenticate user to a server using Simple Authentication and Security Layer.
Currently IMAP and SMTP servers are supported. This is a command line
interface for the GNU SASL library.
- -h, --help
- Print help and exit
- -V, --version
- Print version and exit
Commands:¶
- -c, --client
- Act as client. (default=on)
- -s, --server
- Act as server. (default=off)
- --client-mechanisms
- Write name of supported client mechanisms separated by
space to stdout. (default=off)
- --server-mechanisms
- Write name of supported server mechanisms separated by
space to stdout. (default=off)
Network options:¶
- --connect=HOST[:PORT]
- Connect to TCP server and negotiate on stream instead of
stdin/stdout. PORT is the protocol service, or an integer denoting the
port, and defaults to 143 (imap) if not specified. Also sets the
--hostname default.
Generic options:¶
- -d, --application-data
- After authentication, read data from stdin and run it
through the mechanism's security layer and print it base64 encoded to
stdout. The default is to terminate after authentication.
- (default=on)
- --imap
- Use a IMAP-like logon procedure (client only). Also sets
the --service default to 'imap'. (default=off)
- --smtp
- Use a SMTP-like logon procedure (client only). Also sets
the --service default to 'smtp'. (default=off)
- -m, --mechanism=STRING
- Mechanism to use.
- --no-client-first
- Disallow client to send data first (client only).
(default=off)
SASL mechanism options (they are prompted for when
required):¶
- -n, --anonymous-token=STRING
- Token for anonymous authentication, usually mail address
(ANONYMOUS only).
- -a, --authentication-id=STRING
- Identity of credential owner.
-z,
--authorization-id=STRING Identity to request service for.
- -p, --password=STRING
- Password for authentication (insecure for non-testing
purposes).
- -r, --realm=STRING
- Realm. Defaults to hostname.
- -x, --maxbuf=NUMBER
- Indicate maximum buffer size (DIGEST-MD5 only).
- --passcode=NUMBER
- Passcode for authentication (SECURID only).
- --service=STRING
- Set the requested service name (should be a registered
GSSAPI host based service name).
- --hostname=STRING
- Set the name of the server with the requested service.
- --service-name=STRING
- Set the generic server name in case of a replicated server
(DIGEST-MD5 only).
- --enable-cram-md5-validate
- Validate CRAM-MD5 challenge and response
- interactively.
- (default=off)
- --disable-cleartext-validate
- Disable cleartext validate hook, forcing server
- to prompt for password.
- (default=off)
- --quality-of-protection=TYPE
- How application payload will be protected.
- 'qop-auth' means no protection, 'qop-int' means integrity
protection, 'qop-conf' means integrity and confidentialiy protection.
Currently only used by DIGEST-MD5, where the default is 'qop-int'.
STARTTLS options:¶
- --starttls
- Force use of STARTTLS. The default is to use STARTTLS when
available. (default=off)
- --no-starttls
- Unconditionally disable STARTTLS. (default=off)
- --no-cb
- Don't use channel bindings from TLS. (default=off)
- --x509-ca-file=FILE
- File containing one or more X.509 Certificate Authorities
certificates in PEM format, used to verify the certificate received from
the server. If not specified, no verification of the remote server
certificate will be done.
- --x509-cert-file=FILE
- File containing client X.509 certificate in PEM format.
Used together with --x509-key-file to specify the certificate/key
pair.
- --x509-key-file=FILE
- Private key for the client X.509 certificate in PEM format.
Used together with --x509-key-file to specify the certificate/key
pair.
- --priority=STRING
- Cipher priority string.
Other options:¶
- --verbose
- Produce verbose output. (default=off)
- --quiet
- Don't produce any diagnostic output. (default=off)
AUTHOR¶
Written by Simon Josefsson.
REPORTING BUGS¶
Report bugs to: bug-gsasl@gnu.org
GNU SASL home page: <
http://www.gnu.org/software/gsasl/>
General help using GNU software: <
http://www.gnu.org/gethelp/>
COPYRIGHT¶
Copyright © 2012 Simon Josefsson. License GPLv3+: GNU GPL version 3 or
later <
http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is NO
WARRANTY, to the extent permitted by law.
SEE ALSO¶
The full documentation for
gsasl is maintained as a Texinfo manual. If
the
info and
gsasl programs are properly installed at your site,
the command
- info gsasl
should give you access to the complete manual.