21 lines
958 B
Plaintext
21 lines
958 B
Plaintext
# Enabled authentication mechanisms (space-separated list).
|
|
# You can list many mechanisms at once, then the user can choose
|
|
# by adding e.g. '?authmech=gssapi' to their host specification.
|
|
# For other options, refer to SASL pluginviewer command output.
|
|
#mech_list: plain login scram-sha-256 gssapi
|
|
mech_list: plain login scram-sha-256
|
|
|
|
# If deferring to the SASL auth daemon (runs as root, can do PAM
|
|
# login using regular user accounts, unprivileged daemons cannot).
|
|
#pwcheck_method: saslauthd
|
|
|
|
# If using plain/scram-sha-* for user database, this sets the file
|
|
# containing the passwords. Use 'saslpasswd2 -a pmcd [username]'
|
|
# to add entries and 'sasldblistusers2 -f $sasldb_path' to browse.
|
|
# Note: must be readable as the PCP daemons user (chown root:pcp).
|
|
sasldb_path: /etc/pcp/passwd.db
|
|
|
|
# Before using Kerberos via GSSAPI, you need a service principal on
|
|
# the KDC server for pmcd, and that to be exported to the keytab.
|
|
#keytab: /etc/pcp/krb5.tab
|