sasl support for argus and clients

Gabriel L. Somlo somlo at cmu.edu
Wed Jul 19 11:47:57 EDT 2006 

On Tue, Jul 18, 2006 at 10:10:33PM +0000, carter at qosient.com wrote:
> I believe there is a default non-zero value, so if you compiled in sasl support, and you don't want security, you should set the *SSL_MIN* and *SSL_MAX* to zero?

You mean ARGUS_MIN_SSF and ARGUS_MAX_SSF ? They're set to 40 and 128
and commented out in the config file. I uncommented them and set them
both to 0, with the same result -- ra segfaults after printing out the
error message about SASL negotiation.

Funny thing is, it's not argus itself having a problem, but rather the
ra client barfs when it tries to connect to it... Not just 'oh, I give
up because I can't negotiate SASL, bye' but a real, bona-fide segfault :)

Let me know if you can't replicate this, and I'll get in there with a
debugger and poke around...

Thanks,
Gabriel

> 
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax  
> 
> -----Original Message-----
> From: "Gabriel L. Somlo" <somlo at cmu.edu>
> Date: Tue, 18 Jul 2006 17:40:59 
> To:Carter Bullard <carter at qosient.com>
> Cc:Argus <argus-info at lists.andrew.cmu.edu>
> Subject: Re: [ARGUS] sasl support for argus and clients
> 
> On Mon, Jul 17, 2006 at 11:32:23PM -0400, Carter Bullard wrote:
> > A new set of release candidates is now available on the server.
> > This set enables SASL support for strong encryption and authentication
> > for argus and its clients.   This release is intended for those that are
> > doing SASL testing (although anyone is welcome to test), as you need
> > to create sasl accounts on the machine running argus (saslpasswd),
> > so there is some work to do just to get started.
> 
> Carter,
> 
> I built both argus rc.20 and argus-clients rc.21 on FC4 (using
> --with-sasl=yes) , and whenever I try to run ra to connect to argus,
> I get this:
> 
> 
> ra -n -S 128.2.4.35
> ra[32280]: 17:33:27.932784 RaSaslNegotiate: error starting SASL negotiation
> Segmentation fault
> 
> 
> I haven't set up any SASL accounts or changed anything in the config
> file from the last set of release candidates.
> 
> Do you mean that when compiling with SASL support (--with-sasl or
> --with-sasl=yes), SASL accounts then become *mandatory* ?
> 
> Thanks,
> Gabriel
> 
>

More information about the argus mailing list