This version of Oracle Solaris supports most of the security mechanism plugins from Cyrus SASL, including auxprop plugins. For consumers of SASL that are configured for an earlier version of Oracle Solaris, the additional security mechanisms in Oracle Solaris 11.4 affect SASL authentication behavior.
If your SASL implementation is compiled with the saslplug.h header file from version 2.1.15, and if that software performs its own check for SASL_AUXPROP_PLUG_VERSION, you might need to recompile it with the Oracle Solaris saslplug.h file.
The maximum value of SASL_AUXPROP_PLUG_VERSION in this release is 8.
If you provided an auxprop plugin to retrieve clear text passwords in earlier versions of Oracle Solaris for CRAM-MD5 or DIGEST-MD5 on the server side, you must recompile with the saslplug.h header file.
If you provided an auxprop plugin to support password verification for the PLAIN plugin, you might also need to recompile.
Because Oracle Solaris supplies many more SASL plugins than were supplied in Oracle Solaris 11, consumers that are not narrowly configured can discover more runtime choices. Administrators must confirm that existing configurations exclude any plugins which site security policy excludes. For more information, see SASL Plugins.
Two formerly Oracle Solaris-only options have changed. The –log_level option is in Cyrus SASL and supported, but the –use_authid option is not supported. Also, the Cyrus SASL –keytab option is no longer supported. To set the default keytab location, use the KRB5_KTNAME environment variable.
Oracle Solaris delivers some test programs that can be useful when testing SASL configurations. They are in the /usr/lib/sasl2/tests and /usr/lib/sasl2/tests/$MACH32 directories. In addition, if facet.optional.test is set to true, a small test program called testsuite and the TestSuite.conf file are delivered to those directories.