Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
GSASL(1)			 User Commands			      GSASL(1)

NAME
       gsasl - SASL library command line interface

SYNOPSIS
       gsasl [OPTIONS]... [HOST	[PORT]]...

DESCRIPTION
       GNU SASL	1.8.0

       Authenticate  user to a server using Simple Authentication and Security
       Layer.  Currently IMAP and SMTP servers are supported.  This is a  com-
       mand line interface for the GNU SASL library.

       -h, --help
	      Print help and exit

       -V, --version
	      Print version and	exit

   Commands:
       -c, --client
	      Act as client.  (default=on)

       -s, --server
	      Act as server.  (default=off)

       --client-mechanisms
	      Write  name of supported client mechanisms separated by space to
	      stdout.  (default=off)

       --server-mechanisms
	      Write name of supported server mechanisms	separated by space  to
	      stdout.  (default=off)

   Network options:
       --connect=HOST[:PORT]
	      Connect  to  TCP	server	and  negotiate	on  stream  instead of
	      stdin/stdout. PORT is the	protocol service, or an	integer	denot-
	      ing  the port, and defaults to 143 (imap)	if not specified. Also
	      sets the --hostname default.

   Generic options:
       -d, --application-data
	      After authentication, read data from stdin and  run  it  through
	      the  mechanism's	security  layer	and print it base64 encoded to
	      stdout. The default is to	terminate after	authentication.

	      (default=on)

       --imap Use a IMAP-like logon procedure (client only).   Also  sets  the
	      --service	default	to 'imap'.  (default=off)

       --smtp Use  a  SMTP-like	 logon procedure (client only).	 Also sets the
	      --service	default	to 'smtp'.  (default=off)

       -m, --mechanism=STRING
	      Mechanism	to use.

       --no-client-first
	      Disallow client to send data first (client only).	 (default=off)

   SASL	mechanism options (they	are prompted for when required):
       -n, --anonymous-token=STRING
	      Token for	anonymous authentication, usually mail address (ANONY-
	      MOUS only).

       -a, --authentication-id=STRING
	      Identity of credential owner.

       -z, --authorization-id=STRING Identity to request service for.

       -p, --password=STRING
	      Password for authentication (insecure for	non-testing purposes).

       -r, --realm=STRING
	      Realm. Defaults to hostname.

       -x, --maxbuf=NUMBER
	      Indicate maximum buffer size (DIGEST-MD5 only).

       --passcode=NUMBER
	      Passcode for authentication (SECURID only).

       --service=STRING
	      Set  the	requested  service name	(should	be a registered	GSSAPI
	      host based service name).

       --hostname=STRING
	      Set the name of the server with the requested service.

       --service-name=STRING
	      Set the generic server name in case of a replicated server  (DI-
	      GEST-MD5 only).

       --enable-cram-md5-validate
	      Validate CRAM-MD5	challenge and response

       interactively.
	      (default=off)

       --disable-cleartext-validate
	      Disable cleartext	validate hook, forcing server

       to prompt for password.
	      (default=off)

       --quality-of-protection=TYPE
	      How application payload will be protected.

	      'qop-auth'  means	 no protection,	'qop-int' means	integrity pro-
	      tection, 'qop-conf' means	integrity and  confidentialiy  protec-
	      tion.   Currently	 only used by DIGEST-MD5, where	the default is
	      'qop-int'.

   STARTTLS options:
       --starttls
	      Force use	of STARTTLS.  The default  is  to  use	STARTTLS  when
	      available.  (default=off)

       --no-starttls
	      Unconditionally disable STARTTLS.	 (default=off)

       --no-cb
	      Don't use	channel	bindings from TLS.  (default=off)

       --x509-ca-file=FILE
	      File  containing	one or more X.509 Certificate Authorities cer-
	      tificates	in PEM format, used to verify the certificate received
	      from  the	 server.  If not specified, no verification of the re-
	      mote server certificate will be done.

       --x509-cert-file=FILE
	      File containing client X.509 certificate in  PEM	format.	  Used
	      together	with  --x509-key-file  to  specify the certificate/key
	      pair.

       --x509-key-file=FILE
	      Private key for the client  X.509	 certificate  in  PEM  format.
	      Used  together  with  --x509-key-file  to	 specify  the certifi-
	      cate/key pair.

       --priority=STRING
	      Cipher priority string.

   Other options:
       --verbose
	      Produce verbose output.  (default=off)

       --quiet
	      Don't produce any	diagnostic output.  (default=off)

AUTHOR
       Written by Simon	Josefsson.

REPORTING BUGS
       Report bugs to: bug-gsasl@gnu.org
       GNU SASL	home page: <http://www.gnu.org/software/gsasl/>
       General help using GNU software:	<http://www.gnu.org/gethelp/>

COPYRIGHT
       Copyright (C) 2012 Simon	Josefsson.  License GPLv3+: GNU	GPL version  3
       or later	<http://gnu.org/licenses/gpl.html>.
       This  is	 free  software:  you  are free	to change and redistribute it.
       There is	NO WARRANTY, to	the extent permitted by	law.

SEE ALSO
       The full	documentation for gsasl	is maintained as a Texinfo manual.  If
       the  info  and  gsasl programs are properly installed at	your site, the
       command

	      info gsasl

       should give you access to the complete manual.

gsasl 1.8.0			   May 2012			      GSASL(1)

NAME | SYNOPSIS | DESCRIPTION | AUTHOR | REPORTING BUGS | COPYRIGHT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=gsasl&sektion=1&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help