[ARGUS] sasl a solution (ugly, but a solution :-))

Peter Van Epp vanepp at sfu.ca
Tue Aug 17 22:22:22 EDT 2004


	Time to switch to plan B (stunnel ssl tunnel or ssh tunnel). As far as
I can see sasl just doesn't work (or possibly works as documented which isn't
what I need to do) on FreeBSD. To quote the documentation:

"All is well and good to securely authenticate, but if you don't
have some sort of integrity or privacy layer, anyone can hijack
your TCP session after authentication. If your application has
indicated that it can support a security layer, one might be negotiated."

	This of course also allows that a secure connection might not be
negotiated, and so far in everything I have tried (even in their sample
programs) that's what it does 100% of the time. I don't think this is only
the sample code because I screwed up the argus server config once and built
without sasl support at all and the sasled ra client happily connected to that
server without complaint (or apparently authorization) and dumped the data
presumably clear text on the wire which isn't what I want or need ...
	To be fair, they do tell you to check whether you got the connection
you asked for and every time it says no encryption (even when you ask for it
and tell it there is no external encryption, at least I think that's what the
undocumented calls to external ssf do ...).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


