# Enabled authentication mechanisms (space-separated list).
# You can list many mechanisms at once, then the user can choose
# by adding e.g. '?authmech=gssapi' to their host specification.
# For other options, refer to SASL pluginviewer command output.
#mech_list: plain login scram-sha-256 gssapi
mech_list: plain login scram-sha-256

# If deferring to the SASL auth daemon (runs as root, can do PAM
# login using regular user accounts, unprivileged daemons cannot).
#pwcheck_method: saslauthd

# If using plain/scram-sha-* for user database, this sets the file
# containing the passwords.  Use 'saslpasswd2 -a pmcd [username]'
# to add entries and 'sasldblistusers2 -f $sasldb_path' to browse.
# Note: must be readable as the PCP daemons user (chown root:pcp).
sasldb_path: /etc/pcp/passwd.db

# Before using Kerberos via GSSAPI, you need a service principal on
# the KDC server for pmcd, and that to be exported to the keytab.
#keytab: /etc/pcp/krb5.tab