xenial (1) gsasl.1.gz

Provided by: gsasl_1.8.0-8ubuntu2_amd64 bug

NAME

       gsasl - SASL library command line interface

SYNOPSIS

       gsasl [OPTIONS]... [HOST [PORT]]...

DESCRIPTION

       GNU SASL 1.8.0

       Authenticate  user  to  a server using Simple Authentication and Security Layer.  Currently IMAP and SMTP
       servers are supported.  This is a command line interface for the GNU SASL library.

       -h, --help
              Print help and exit

       -V, --version
              Print version and exit

   Commands:
       -c, --client
              Act as client.  (default=on)

       -s, --server
              Act as server.  (default=off)

       --client-mechanisms
              Write name of supported client mechanisms separated by space to stdout.  (default=off)

       --server-mechanisms
              Write name of supported server mechanisms separated by space to stdout.  (default=off)

   Network options:
       --connect=HOST[:PORT]
              Connect to TCP server and negotiate on stream  instead  of  stdin/stdout.  PORT  is  the  protocol
              service,  or  an integer denoting the port, and defaults to 143 (imap) if not specified. Also sets
              the --hostname default.

   Generic options:
       -d, --application-data
              After authentication, read data from stdin and run it through the mechanism's security  layer  and
              print it base64 encoded to stdout. The default is to terminate after authentication.

              (default=on)

       --imap Use  a  IMAP-like  logon  procedure  (client  only).   Also  sets the --service default to 'imap'.
              (default=off)

       --smtp Use a SMTP-like logon procedure (client  only).   Also  sets  the  --service  default  to  'smtp'.
              (default=off)

       -m, --mechanism=STRING
              Mechanism to use.

       --no-client-first
              Disallow client to send data first (client only).  (default=off)

   SASL mechanism options (they are prompted for when required):
       -n, --anonymous-token=STRING
              Token for anonymous authentication, usually mail address (ANONYMOUS only).

       -a, --authentication-id=STRING
              Identity of credential owner.

       -z, --authorization-id=STRING Identity to request service for.

       -p, --password=STRING
              Password for authentication (insecure for non-testing purposes).

       -r, --realm=STRING
              Realm. Defaults to hostname.

       -x, --maxbuf=NUMBER
              Indicate maximum buffer size (DIGEST-MD5 only).

       --passcode=NUMBER
              Passcode for authentication (SECURID only).

       --service=STRING
              Set the requested service name (should be a registered GSSAPI host based service name).

       --hostname=STRING
              Set the name of the server with the requested service.

       --service-name=STRING
              Set the generic server name in case of a replicated server (DIGEST-MD5 only).

       --enable-cram-md5-validate
              Validate CRAM-MD5 challenge and response

       interactively.
              (default=off)

       --disable-cleartext-validate
              Disable cleartext validate hook, forcing server

       to prompt for password.
              (default=off)

       --quality-of-protection=TYPE
              How application payload will be protected.

       'qop-auth' means no protection, 'qop-int'
              means  integrity  protection, 'qop-conf' means integrity and confidentialiy protection.  Currently
              only used by DIGEST-MD5, where the default is 'qop-int'.

   STARTTLS options:
       --starttls
              Force use of STARTTLS.  The default is to use STARTTLS when available.  (default=off)

       --no-starttls
              Unconditionally disable STARTTLS.  (default=off)

       --no-cb
              Don't use channel bindings from TLS.  (default=off)

       --x509-ca-file=FILE
              File containing one or more X.509 Certificate Authorities certificates  in  PEM  format,  used  to
              verify  the certificate received from the server.  If not specified, no verification of the remote
              server certificate will be done.

       --x509-cert-file=FILE
              File containing client X.509 certificate in PEM format.  Used  together  with  --x509-key-file  to
              specify the certificate/key pair.

       --x509-key-file=FILE
              Private key for the client X.509 certificate in PEM format.  Used together with --x509-key-file to
              specify the certificate/key pair.

       --priority=STRING
              Cipher priority string.

   Other options:
       --verbose
              Produce verbose output.  (default=off)

       --quiet
              Don't produce any diagnostic output.  (default=off)

AUTHOR

       Written by Simon Josefsson.

REPORTING BUGS

       Report bugs to: bug-gsasl@gnu.org

       Report Debian bugs to: http://bugs.debian.org/
       GNU SASL home page: <http://www.gnu.org/software/gsasl/>
       General help using GNU software: <http://www.gnu.org/gethelp/>

       Packaged by Debian (1.8.0-8ubuntu2)
       Copyright © 2012 Simon Josefsson.
       License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
       This is free software: you are free to change and redistribute it.
       There is NO WARRANTY, to the extent permitted by law.

SEE ALSO

       The full documentation for gsasl is maintained as a Texinfo manual.  If the info and gsasl  programs  are
       properly installed at your site, the command

              info gsasl

       should give you access to the complete manual.