[ARGUS] sasl a solution (ugly, but a solution :-))

Peter Van Epp vanepp at sfu.ca
Wed Aug 11 16:06:31 EDT 2004


	After much head scratching and searching documentation and the sasl
mailing list I finally realized the problem is their shared secret and what
I want for shared secret (an ssh-like host key) aren't the same. The reason
I haven't been able to figure out how to do shared secret without a user on
the far end is because sasl isn't intended to do that (at least I think that's
the case). The solution is to hack the argus code to hard code user id
argus (twice, once as the authenticating user and once as the effective
user, which is why there are two user prompts) and a hard coded password (all
of which should move to a root owned file somewhere rather than being
hard coded). With this change ra can connect via sasl without user interaction,
which is what I need for unattended operation.
	You then need to use saslpasswd on the argus server to set user name
argus and the password that you hard coded in place of passwd in the code
below into the sasl password db.
	Now ra can connect to the server with no user interaction across the
secure link. If someone can read the password you probably have bigger problems
than them being able to access your argus server, so while insecure, this is
probably OK (and moreover it does what I need to do right now, which is
establish a restartable link between 2 of my machines across an untrusted
network :-)).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

*** common/argus_auth.c.orig	Wed Aug 11 12:45:25 2004
--- common/argus_auth.c	Wed Aug 11 12:46:11 2004
***************
*** 80,86 ****
--- 80,90 ----
  
  #include <ctype.h>
  #include <assert.h>
+ #if defined(__FreeBSD__) 
+ #include "/usr/local/include/sasl1/sasl.h"     
+ #else
  #include <sasl.h>
+ #endif
  
  #endif /* ARGUS_SASL */
  
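Review bot: the FreeBSD branch bakes an absolute path, `/usr/local/include/sasl1/sasl.h`, into the source, so the build fails on any FreeBSD host with SASL installed elsewhere and otherwise picks up whatever sasl.h happens to sit at that path. Keep the single `#include <sasl.h>` and point the compiler at the directory instead (`-I/usr/local/include/sasl1` in CFLAGS or from configure), which also removes the need for the `#if defined(__FreeBSD__)` block.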
***************
*** 294,301 ****
     switch (id) {
        case SASL_CB_USER:
           if (ustr == NULL) {
!             printf("please enter an authorization id: ");
!             fgets(RaSimpleBuf, sizeof RaSimpleBuf, stdin);
  
           } else {
              if ((ptr = strchr(ustr, '/')) != NULL)
--- 298,309 ----
     switch (id) {
        case SASL_CB_USER:
           if (ustr == NULL) {
! /*            printf("please enter an authorization id: ");
!             fgets(RaSimpleBuf, sizeof RaSimpleBuf, stdin); */
! 
! 	/* kludge in user id "argus" with a fixed password ... */
! 	    strcpy(RaSimpleBuf,"argus");
! 	    
  
           } else {
              if ((ptr = strchr(ustr, '/')) != NULL)
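Review bot: the authorization id is now a string literal compiled into every ra binary, which the message itself calls a kludge; the prompt code is only commented out rather than removed, so the dead block should go, and the value should be read at startup from a root-owned configuration file. Once it comes from a file, `strcpy(RaSimpleBuf,"argus")` must become a length-checked copy against `sizeof RaSimpleBuf`, because the copied value is no longer a constant of known size.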
***************
*** 317,324 ****
                 ptr++;
  
           if (ptr == NULL) {
!             printf("please enter an authentication id: ");
!             fgets(RaSimpleBuf, sizeof RaSimpleBuf, stdin);
           } else 
              sprintf (RaSimpleBuf, "%s", ptr);
  
--- 325,334 ----
                 ptr++;
  
           if (ptr == NULL) {
! /*            printf("please enter an authentication id: ");
!             fgets(RaSimpleBuf, sizeof RaSimpleBuf, stdin);    */
! 
! 	    strcpy(RaSimpleBuf,"argus");
           } else 
              sprintf (RaSimpleBuf, "%s", ptr);
  
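Review bot: this hunk repeats the previous one for the authentication id, so the same user name now lives in two separate literals that can silently drift apart; define it once (or read it once from the credential file) and reuse it in both places. Unrelated to the change but visible in the context, `sprintf (RaSimpleBuf, "%s", ptr)` copies a caller-supplied string with no bound; `snprintf(RaSimpleBuf, sizeof RaSimpleBuf, "%s", ptr)` would be the safe form if this area is being touched anyway.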
***************
*** 346,351 ****
--- 356,364 ----
  char *
  getpassphrase(const char *prompt)
  {
+ 
+   /* set a password here to avoid the prompts ... */
+   return ("passwrd");
    return getpass(prompt);
  }
  #endif /* ! HAVE_GETPASSPHRASE */
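Review bot: `return ("passwrd");` makes the following `return getpass(prompt);` unreachable and embeds the shared secret in the executable as a plain string literal, so anyone who can read the binary (not only the source) can recover it; it also hands a string literal back through a non-const `char *`. Two things the covering message does not say: the literal here is `passwrd`, not `passwd` as the message calls it, so the saslpasswd entry must match `passwrd` exactly; and this function sits inside `#if ! HAVE_GETPASSPHRASE` (see the trailing `#endif`), so on a system that provides getpassphrase() the prompt is still reached and unattended operation does not work there. Loading the secret from a root-owned, mode 0600 file would remove both the hard coding and the dead fallback.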

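The message's own caveat is that the user id and password should live in a root-owned file rather than in the source. The following is an added example in C of how that loader could look; it is not Argus code. The function names, the `RA_SIMPLE_BUF_SZ` stand-in for `sizeof RaSimpleBuf`, and the one-line `<userid> <secret>` file format are assumptions made here, and the credential file the helper writes is constructed for the demonstration. The loader refuses files that are group- or world-readable, owned by someone other than root or the invoking user, or not a regular file, and it copies both fields with an explicit bound instead of `strcpy`.

```c
/* Added example, not Argus code: load the SASL user id and secret from a
 * root-owned (or invoking-user-owned), mode 0600 file instead of compiling
 * them in. Function names, RA_SIMPLE_BUF_SZ and the "<userid> <secret>"
 * one-line file format are assumptions made for this example. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define RA_SIMPLE_BUF_SZ 64   /* stands in for sizeof RaSimpleBuf (assumed) */

enum cred_status {
    CRED_OK = 0,
    CRED_OPEN_FAILED,   /* missing, unreadable, a symlink, or not a regular file */
    CRED_BAD_MODE,      /* group/other bits set: other users could read the secret */
    CRED_BAD_OWNER,     /* owned by neither root nor the user running the program */
    CRED_BAD_FORMAT,    /* first line is not exactly "<userid> <secret>" */
    CRED_TOO_LONG,      /* a field would not fit the fixed destination buffer */
    CRED_MISMATCH       /* loaded fine but differs from the expected pair */
};

/* Split "<userid> <secret>" (optional trailing newline) into bounded buffers. */
enum cred_status parse_cred_line(const char *line, char *user, size_t usz,
                                 char *secret, size_t ssz)
{
    const char *sp = strchr(line, ' ');
    if (sp == NULL || sp == line)
        return CRED_BAD_FORMAT;                 /* no separator or empty user id */
    size_t ulen = (size_t)(sp - line);
    const char *s = sp + 1;
    size_t slen = strcspn(s, " \r\n");
    if (slen == 0 || (s[slen] != '\0' && s[slen] != '\n' && s[slen] != '\r'))
        return CRED_BAD_FORMAT;                 /* empty secret or a third field */
    if (ulen >= usz || slen >= ssz)
        return CRED_TOO_LONG;                   /* a strcpy here would overflow */
    memcpy(user, line, ulen);  user[ulen] = '\0';
    memcpy(secret, s, slen);   secret[slen] = '\0';
    return CRED_OK;
}

/* Open the file, vet it on the open descriptor, then parse its first line. */
enum cred_status load_sasl_credential(const char *path, char *user, size_t usz,
                                      char *secret, size_t ssz)
{
    struct stat st;
    char line[512];
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return CRED_OPEN_FAILED;
    /* fstat the descriptor, not the path, so the checks apply to the file read. */
    enum cred_status rc = CRED_OK;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        rc = CRED_OPEN_FAILED;
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = CRED_BAD_MODE;
    else if (st.st_uid != 0 && st.st_uid != geteuid())
        rc = CRED_BAD_OWNER;
    ssize_t n = (rc == CRED_OK) ? read(fd, line, sizeof line - 1) : -1;
    close(fd);
    if (rc != CRED_OK)
        return rc;
    if (n <= 0)
        return CRED_BAD_FORMAT;
    line[n] = '\0';
    rc = parse_cred_line(line, user, usz, secret, ssz);
    memset(line, 0, sizeof line);   /* best-effort scrub of the stack copy */
    return rc;
}

/* Load a file and compare it with an expected pair (demo/test helper). */
enum cred_status check_credential_file(const char *path, const char *want_user,
                                       const char *want_secret)
{
    char user[RA_SIMPLE_BUF_SZ], secret[RA_SIMPLE_BUF_SZ];
    enum cred_status rc = load_sasl_credential(path, user, sizeof user,
                                               secret, sizeof secret);
    if (rc == CRED_OK &&
        (strcmp(user, want_user) != 0 || strcmp(secret, want_secret) != 0))
        rc = CRED_MISMATCH;
    memset(secret, 0, sizeof secret);
    return rc;
}

/* Demo helper: write a constructed credential file with an explicit mode. */
int write_sample_cred_file(const char *path, const char *contents, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
    if (fd < 0)
        return -1;
    int ok = fchmod(fd, mode) == 0 &&
             write(fd, contents, strlen(contents)) == (ssize_t)strlen(contents);
    close(fd);
    return ok ? 0 : -1;
}
```

To try it, write a one-line file such as `argus example-secret` with `write_sample_cred_file(path, "argus example-secret\n", 0600)` and call `check_credential_file(path, "argus", "example-secret")`, which returns `CRED_OK`; the same content written with mode 0644 returns `CRED_BAD_MODE`, and a secret longer than `RA_SIMPLE_BUF_SZ - 1` returns `CRED_TOO_LONG` instead of overrunning the buffer. In the real client the two `strcpy(RaSimpleBuf, "argus")` sites and the `getpassphrase` replacement would each take their value from one `load_sasl_credential` call made at startup.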