lunar (1) gsasl.1.gz

Provided by: gsasl_2.2.0-1ubuntu1_amd64 bug

NAME

       gsasl - SASL library command line interface

SYNOPSIS

       gsasl [OPTION]... [HOST [PORT]]...

DESCRIPTION

       Authenticate  user  to a server using Simple Authentication and Security Layer.  Currently
       IMAP and SMTP servers are supported.  This is a command line interface for  the  GNU  SASL
       library.

       -h, --help
              Print help and exit

       -V, --version
              Print version and exit

   Commands:
       -c, --client
              Act as client.  (default=on)

       -s, --server
              Act as server.  (default=off)

       --client-mechanisms
              Write   name   of  supported  client  mechanisms  separated  by  space  to  stdout.
              (default=off)

       --server-mechanisms
              Write  name  of  supported  server  mechanisms  separated  by  space   to   stdout.
              (default=off)

       -k, --mkpasswd
              Derive password. Provide --mechanism as SCRAM-SHA-1 or SCRAM-SHA-256.  The required
              inputs are password (through --password or read from terminal) and optional  inputs
              are  iteration  count  (through --iteration-count, or defaulting to 65536) and salt
              (through --salt, or generated randomly).  The  output  is  a  string  of  the  form
              "{mech}count,salt,stored-key,server-key[,salted-password]"   where  "mech"  is  the
              mechanism, "count" is the number of  times  password  was  hashed,  "salt"  is  the
              provided/generated  base64-encoded  salt, "stored-key" and "server-key" are the two
              derived  and  base64-encoded  server-side  keys.   When  --verbose   is   provided,
              "salted-password"  will  be  included  as  the hex-encoded PBKDF2-derived password.
              (default=off)

   Network options:
       --connect=HOST[:PORT]
              Connect to TCP server and negotiate on stream instead of stdin/stdout. PORT is  the
              protocol  service,  or  an integer denoting the port, and defaults to 143 (imap) if
              not specified. Also sets the --hostname default.

   Generic options:
       -d, --application-data
              After authentication, read data from stdin  and  run  it  through  the  mechanism's
              security  layer  and print it base64 encoded to stdout. The default is to terminate
              after authentication.  (default=on)

       --imap Use a IMAP-like logon procedure (client only).  Also sets the --service default  to
              'imap'.  (default=off)

       --smtp Use  a SMTP-like logon procedure (client only).  Also sets the --service default to
              'smtp'.  (default=off)

       -m, --mechanism=STRING
              Mechanism to use.

       --no-client-first
              Disallow client to send data first (client only).  (default=off)

   SASL mechanism options (they are prompted for when required):
       -n, --anonymous-token=STRING
              Token for anonymous authentication, usually mail address (ANONYMOUS only).

       -a, --authentication-id=STRING
              Identity of credential owner.

       -z, --authorization-id=STRING Identity to request service for.

       -p, --password=STRING
              Password for authentication (insecure for non-testing purposes).

       -r, --realm=STRING
              Realm. Defaults to hostname.

       --passcode=NUMBER
              Passcode for authentication (SECURID only).

       --service=STRING
              Set the requested service name (should be a registered GSSAPI  host  based  service
              name).

       --hostname=STRING
              Set the name of the server with the requested service.

       --service-name=STRING
              Set the generic server name in case of a replicated server (DIGEST-MD5 only).

       --enable-cram-md5-validate
              Validate CRAM-MD5 challenge and response

       interactively.
              (default=off)

       --disable-cleartext-validate
              Disable cleartext validate hook, forcing server

       to prompt for password.
              (default=off)

       --quality-of-protection=TYPE
              How application payload will be protected.

       'qop-auth' means no protection, 'qop-int'
              means   integrity   protection,   'qop-conf'  means  integrity  and  confidentialiy
              protection.  Currently only used by DIGEST-MD5, where the default is 'qop-int'.

       --iteration-count=NUMBER
              Indicate PBKDF2 hash iteration count (SCRAM only).  (default=`65536')

       --salt=B64DATA
              Indicate PBKDF2 salt as base64-encoded string (SCRAM only).

   STARTTLS options:
       --starttls
              Force  use  of  STARTTLS.   The  default  is  to  use  STARTTLS   when   available.
              (default=off)

       --no-starttls
              Unconditionally disable STARTTLS.  (default=off)

       --no-cb
              Don't use channel bindings from TLS.  (default=off)

       --x509-ca-file=FILE
              File  containing  one  or  more  X.509  Certificate Authorities certificates in PEM
              format, used to verify the certificate received from the server.  If not specified,
              verification  uses  system trust settings.  If FILE is the empty string, don't fail
              on X.509 server certificates verification errors.

       --x509-cert-file=FILE
              File containing client  X.509  certificate  in  PEM  format.   Used  together  with
              --x509-key-file to specify the certificate/key pair.

       --x509-key-file=FILE
              Private  key  for  the  client X.509 certificate in PEM format.  Used together with
              --x509-key-file to specify the certificate/key pair.

       --priority=STRING
              Cipher priority string.

   Other options:
       --verbose
              Produce verbose output.  (default=off)

       --quiet
              Don't produce any diagnostic output.  (default=off)

AUTHOR

       Written by Simon Josefsson.

REPORTING BUGS

       Report bugs to: bug-gsasl@gnu.org
       GNU SASL home page: <https://www.gnu.org/software/gsasl/>
       General help using GNU software: <https://www.gnu.org/gethelp/>

       Copyright  ©  2022  Simon  Josefsson.   License  GPLv3+:  GNU  GPL  version  3  or   later
       <https://gnu.org/licenses/gpl.html>.
       This  is free software: you are free to change and redistribute it.  There is NO WARRANTY,
       to the extent permitted by law.

SEE ALSO

       The full documentation for gsasl is maintained as a Texinfo manual.  If the info and gsasl
       programs are properly installed at your site, the command

              info gsasl

       should give you access to the complete manual.