Question Rephrased

Carter Bullard carter at qosient.com
Tue Jan 10 23:17:07 EST 2006 

Hey Peter,
    So I added a sasl account for my machine horus:

saslpasswd -c argus

and then ran the argus that was compile with sasl and then ran ra()  
supplying an incorrect
password:

../bin/ra -S localhost:34567 -D4 -U argus
ra[21266]: 10 Jan 06 23:03:27 ArgusFilterCompile () returning
ra[21265]: 10 Jan 06 23:03:27 ArgusFilterCompile () waiting for  
filter process 21266 on pipe 3
ra[21265]: 10 Jan 06 23:03:27 ArgusFilterCompile () read filter length 1
ra[21265]: 10 Jan 06 23:03:27 ArgusFilterCompile () read filter body 8
ra[21265]: 10 Jan 06 23:03:27 ArgusFilterCompile () returning 0
ra[21265]: 10 Jan 06 23:03:27 Trying localhost.localdomain port 34567  
Expecting Argus records
ra[21265]: 10 Jan 06 23:03:27 connected
ra[21265]: 10 Jan 06 23:03:27 ArgusGetServerSocket (0x8147f84)  
returning 3
10 Jan 06 23:03:12           man  229.97.122.203   
v2.0                   1 0     0        0         0             
0           STA
ra[21265]: 10 Jan 06 23:03:27 ArgusCalloc (1, 4096) returning 0x814891c
ra[21265]: 10 Jan 06 23:03:27 ArgusCalloc (1, 4096) returning 0x8149924
ra[21265]: 10 Jan 06 23:03:27 ArgusCalloc (1, 4096) returning 0x814a92c
ra[21265]: 10 Jan 06 23:03:27 ArgusParseInit (0x8147f84) returning
ra[21265]: 10 Jan 06 23:03:27 ArgusInitializeAuthentication () auth  
argus.localhost.localdomain
ra[21265]: 10 Jan 06 23:03:27 ArgusInitializeAuthentication ()  
returning 1
ra[21265]: 10 Jan 06 23:03:27 RaSaslNegotiate(0x3, 0x3, 0x81505d8)  
receiving capability list...
ra[21265]: 10 Jan 06 23:03:27 RaGetSaslString(3, 0xbffeca30, 22)
{ D I G E S T - M D 5 ,   C R A M - M D 5 }
ra[21265]: 10 Jan 06 23:03:27 RaSaslNegotiate(0x3, 0x3, 0x81505d8)  
calling sasl_client_start()
ra[21265]: 10 Jan 06 23:03:27 RaSaslNegotiate: using mechanism DIGEST- 
MD5
ra[21265]: 10 Jan 06 23:03:27 RaSendSaslString(3, 0x400bde3b, 10)
{ 1 0 } d a D I G E S T - M D 5
ra[21265]: 10 Jan 06 23:03:27 RaSendSaslString(3, 0x8150840, 0)
{ 0 } d a
ra[21265]: 10 Jan 06 23:03:27 waiting for server reply...
ra[21265]: 10 Jan 06 23:03:27 RaGetSaslString(3, 0xbffeca30, 152)
r e a l m = " h o r u s . ( n o n e ) " , n o n c e = " 0 V H t q e r  
C o 9 Y 0 l n h y 1 w C R 0 6 n i 2 W 0 f g 9 l p 7 u 5 Z X n Z / G V  
Y = " , q o p = " a u t h , a u t h - i n t , a u t h - c o n f " , c  
i p h e r = " r c 4 - 4 0 " , c h a r s e t = u t f - 8 , a l g o r i  
t h m = m d 5 - s e s s
ra[21265]: 10 Jan 06 23:03:27 RaSimple SASL_CB_USER is argus
please enter an authentication id: argus
ra[21265]: 10 Jan 06 23:03:31 RaSimple SASL_CB_AUTHNAME is argus

Password:
ra[21265]: 10 Jan 06 23:03:33 sending response length 283...
ra[21265]: 10 Jan 06 23:03:33 RaSendSaslString(3, 0x8150b60, 283)
{ 2 8 3 } d a u s e r n a m e = " a r g u s " , r e a l m = " h o r u  
s . ( n o n e ) " , n o n c e = " 0 V H t q e r C o 9 Y 0 l n h y 1 w  
C R 0 6 n i 2 W 0 f g 9 l p 7 u 5 Z X n Z / G V Y = " , c n o n c e =  
" w L G P B d T L v l 1 R f M I A x X n 3 Z M i 1 G Q o v J D 1 L a E  
g K I x z W 0 4 s = " , n c = 0 0 0 0 0 0 0 1 , q o p = a u t h - c o  
n f , c i p h e r = " r c 4 - 4 0 " , c h a r s e t = u t f - 8 , d i  
g e s t - u r i = " a r g u s / l o c a l h o s t . l o c a l d o m a  
i n " , r e s p o n s e = 8 e 3 c b e 0 e d 4 2 9 3 9 2 e f d f 5 9 9  
1 1 d a c 4 1 2 5 d
ra[21265]: 10 Jan 06 23:03:33 waiting for server reply...
ra[21265]: 10 Jan 06 23:03:33 authentication failed
ra[21265]: 10 Jan 06 23:03:33 ArgusAuthenticate (0x8147f84) returning 0
ArgusAlert: ra[21265]: incorrect password

ra[21265]: 10 Jan 06 23:03:33 ArgusReadStream() ArgusRemoteFDs is empty
ra[21265]: 10 Jan 06 23:03:33 ArgusShutDown (0)


The argus spit out these log messages:

argus_linux[21262]: 10 Jan 06 23:03:27 ArgusNewSocket (9) returning  
0x81657d0
argus_linux[21262]: 10 Jan 06 23:03:27 ArgusSendInitialMar 
(-1073745432) returning
argus_linux[21262]: 10 Jan 06 23:03:27 ArgusCheckClientStatus()  
returning
argus_linux[21267]: 10 Jan 06 23:03:27 ArgusClientProcess: received  
start record, len 128
argus_linux[21267]: 10 Jan 06 23:03:27 ArgusNewSocket (8) returning  
0x8175810
argus_linux[21267]: 10 Jan 06 23:03:27 ArgusNewSocket (7) returning  
0x8185850
argus_linux[21267]: 10 Jan 06 23:03:27 ArgusAuthenticateClient: SASL  
enabled
argus_linux[21267]: 10 Jan 06 23:03:27 ArgusSendSaslString(0x8195bd8,  
0x8195a30, 22)
{ D I G E S T - M D 5 ,   C R A M - M D 5 }
argus_linux[21267]: 10 Jan 06 23:03:27 ArgusGetSaslString(0x8195a70,  
0xbfffcc40, 10)
D I G E S T - M D 5
argus_linux[21267]: 10 Jan 06 23:03:27 ArgusGetSaslString(0x8195a70,  
0xbfffccc0, 0)

argus_linux[21267]: 10 Jan 06 23:03:27 sending response length 152...
argus_linux[21267]: 10 Jan 06 23:03:27 ArgusSendSaslString(0x8195bd8,  
0x8195e68, 152)
r e a l m = " h o r u s . ( n o n e ) " , n o n c e = " 0 V H t q e r  
C o 9 Y 0 l n h y 1 w C R 0 6 n i 2 W 0 f g 9 l p 7 u 5 Z X n Z / G V  
Y = " , q o p = " a u t h , a u t h - i n t , a u t h - c o n f " , c  
i p h e r = " r c 4 - 4 0 " , c h a r s e t = u t f - 8 , a l g o r i  
t h m = m d 5 - s e s s
argus_linux[21267]: 10 Jan 06 23:03:27 waiting for client reply...
argus_linux[21267]: 10 Jan 06 23:03:33 ArgusGetSaslString(0x8195a70,  
0xbfffccc0, 283)
u s e r n a m e = " a r g u s " , r e a l m = " h o r u s . ( n o n  
e ) " , n o n c e = " 0 V H t q e r C o 9 Y 0 l n h y 1 w C R 0 6 n i  
2 W 0 f g 9 l p 7 u 5 Z X n Z / G V Y = " , c n o n c e = " w L G P B  
d T L v l 1 R f M I A x X n 3 Z M i 1 G Q o v J D 1 L a E g K I x z W  
0 4 s = " , n c = 0 0 0 0 0 0 0 1 , q o p = a u t h - c o n f , c i p  
h e r = " r c 4 - 4 0 " , c h a r s e t = u t f - 8 , d i g e s t - u  
r i = " a r g u s / l o c a l h o s t . l o c a l d o m a i n " , r e  
s p o n s e = 8 e 3 c b e 0 e d 4 2 9 3 9 2 e f d f 5 9 9 1 1 d a c 4  
1 2 5 d
argus_linux[21267]: 10 Jan 06 23:03:33 Authentication failed
argus_linux[21267]: 10 Jan 06 23:03:33 ArgusInitClientProcess 
(0x8154d90, (null)) returning
argus_linux[21267]: 10 Jan 06 23:03:33 ArgusHandleClientData:  
sasl_encode(0x81958a0, 0x8175830, 104, 0xbffee8c8, 0xbffee8cc)
argus_linux: digestmd5.c:1503: privacy_encode: Assertion `text- 
 >maxbuf > 0' failed.
argus_linux[21262]: 10 Jan 06 23:03:33 ArgusCloseSocket(0) returning
argus_linux[21262]: 10 Jan 06 23:03:33 ArgusOutputProcess() select  
returned Interrupted system call


All suggesting that sasl is working on this machine.

Carter


On Jan 10, 2006, at 9:14 PM, Peter Moody wrote:

> Ok. Since this hasn't generated the response I was hoping for, I'm
> going to rephrase this. Has anyone gotten some sort of argus
> authentication working?  Unfortunately, I don't have a network where I
> can easily seperate the people who are allowed to see this data from
> those who can't.
>
> Cheers,
> -Peter
>
>
> On 1/9/06, Peter Moody <peter.moody at gmail.com> wrote:
>> Howdy -
>>
>> I've been looking for information on how to get argus working
>> properlly with SASL for client authentication.  I've got an argus
>> binary linked against sasl and I've got an argus client (ra) client
>> linked against sasl, but I can't find out how to get argus to use my
>> existing kerb backend for authentication when the client connects.  I
>> could spend more time banging my head against my monitors, but I was
>> hoping someone here might have done it already and could share some
>> insight.
>>
>> Cheers,
>> -Peter
>>
>

Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax

More information about the argus mailing list