Question Rephrased

Carter Bullard carter at qosient.com
Tue Jan 10 22:34:11 EST 2006 

So Peter,
    Yes I have had it working quite well for quite some time.   
But, ...., in
order to understand what your problems are we need quite a bit of
information.  First did ./configure find the sasl libraries correctly?
This is in the config.log.   Second is argus actually calling the SASL
routines.  You can find this out very quickly when you run argus
using the "-D 2" option.

    So to make sure the SASL libraries are cool, run:
       ./configure --with-sasl=yes

when i run the resulting argus_linux, i get this kind of output:

[root at horus argus]# ./bin/argus_linux -D3 -P34567

argus_linux[20995]: 10 Jan 06 22:28:08 ArgusEstablishListen(34567,  
0xbffff100) binding: 0
argus_linux[20995]: 10 Jan 06 22:28:08 ArgusEstablishListen(34567,  
0xbffff100) returning 3
argus_linux[20995]: 10 Jan 06 22:28:08 setArgusPortNum(34567) returning
argus_linux[20995]: 10 Jan 06 22:28:08 ArgusNewModeler() returning  
0x8154d78
argus_linux[20995]: 10 Jan 06 22:28:08 ArgusNewOutput() returning  
retn 0x8154d88
argus_linux[20995]: 10 Jan 06 22:28:08 ArgusNewSource() returning  
0x8154e10
argus_linux[20995]: 10 Jan 06 22:28:08 setArgusDevice(eth0) returning
argus_linux[20995]: 10 Jan 06 22:28:08 Arguslookup_pcap_callback(1)  
returning ArgusEtherPacket(): 0x8051acc
argus_linux[20995]: 10 Jan 06 22:28:08 ArgusInitSource() returning
argus_linux[20996]: 10 Jan 06 22:28:08 ArgusNewSocket (5) returning  
0x8155790
argus_linux[20996]: 10 Jan 06 22:28:08 ArgusInitOutputProcess()  
returning
argus_linux[20995]: 10 Jan 06 22:28:08 ArgusOutputProcess[20996] created
argus_linux[20995]: 10 Jan 06 22:28:08 ArgusInitOutput() returning
argus_linux[20995]: 10 Jan 06 22:28:08 ArgusNewSocket (6) returning  
0x8155790
argus_linux[20995]: 10 Jan 06 22:28:08 ArgusInitModeler():  
ArgusHashArray 0x400a6008


Then when I run ra():
      ra -S localhost:34567

argus prints out:

argus_linux[21003]: 10 Jan 06 22:31:50 ArgusNewSocket (9) returning  
0x81657d0
argus_linux[21003]: 10 Jan 06 22:31:50 ArgusSendInitialMar 
(-1073749016) returning
argus_linux[21003]: 10 Jan 06 22:31:50 ArgusCheckClientStatus()  
returning
argus_linux[21006]: 10 Jan 06 22:31:50 ArgusClientProcess: received  
start record, len 128
argus_linux[21006]: 10 Jan 06 22:31:50 ArgusNewSocket (8) returning  
0x8175810
argus_linux[21006]: 10 Jan 06 22:31:50 ArgusNewSocket (7) returning  
0x8185850
argus_linux[21006]: 10 Jan 06 22:31:50 ArgusAuthenticateClient: SASL  
enabled
argus_linux[21006]: 10 Jan 06 22:31:50 ArgusSendSaslString(0x8195bd8,  
0x8195a30, 2)
{ }
argus_linux[21006]: 10 Jan 06 22:31:50 ArgusAuthenticateClient: No  
SASL Mechanisms
argus_linux[21006]: 10 Jan 06 22:31:50 ArgusInitClientProcess 
(0x8154d90, (null)) returning
argus_linux[21006]: 10 Jan 06 22:31:50 ArgusProcessRemoteSocket: read  
'N' from remote
argus_linux[21006]: 10 Jan 06 22:31:50 ArgusProcessRemoteSocket: read  
'' from remote
argus_linux[21003]: 10 Jan 06 22:31:50 ArgusCloseSocket(0) returning
argus_linux[21003]: 10 Jan 06 22:31:50 ArgusOutputProcess() select  
returned Interrupted system call

The authenticate messages are then printed.

On this machine the sasl stuff has not been setup at all, so it will  
reject.  I'll fish around for
a machine that has it all set up to see how an argus with "SASL  
Mechanisms" should behave.

Carter



On Jan 10, 2006, at 9:14 PM, Peter Moody wrote:

> Ok. Since this hasn't generated the response I was hoping for, I'm
> going to rephrase this. Has anyone gotten some sort of argus
> authentication working?  Unfortunately, I don't have a network where I
> can easily seperate the people who are allowed to see this data from
> those who can't.
>
> Cheers,
> -Peter
>
>
> On 1/9/06, Peter Moody <peter.moody at gmail.com> wrote:
>> Howdy -
>>
>> I've been looking for information on how to get argus working
>> properlly with SASL for client authentication.  I've got an argus
>> binary linked against sasl and I've got an argus client (ra) client
>> linked against sasl, but I can't find out how to get argus to use my
>> existing kerb backend for authentication when the client connects.  I
>> could spend more time banging my head against my monitors, but I was
>> hoping someone here might have done it already and could share some
>> insight.
>>
>> Cheers,
>> -Peter
>>
>

More information about the argus mailing list