sasl2 support included in rc.42
Carter Bullard
carter at qosient.com
Fri Mar 16 02:49:40 EDT 2007
Gentle people,
I have gotten sasl2 running for argus and all the ra* programs except
radium(), which I should have by early next week (just a minor
adjustment
since it is both a client and a server of argus data).
The ./configure support is such that sasl2 support for both argus and
the
clients are off by default. To turn it on, for either argus or
clients is:
./configure --with-sasl
There is no sasl1 support in rc.42.
If the directories are not in standard places for cyrus-sasl, then:
./configure --with-sasl=/full/path/name/to/sasl/dir
It works for all the mechs that I could test (all on Fedora 6):
PLAIN, ANONYMOUS, LOGIN - using saslauthd with an argus.conf
file in the sasl2 config directory
that contained:
pwcheck_method: saslauthd
and saslauthd running as "saslauthd -a
shadow"
this allowed me to authenticate as a
user account.
DIGEST-MD5 - using sasldb, generating a simple account using
saslpasswd2. this allowed me to test
auth, auth-int,
and auth-conf, by setting the
ARGUS_MIN_SSF to
something other than 0, in /etc/
argus.conf.
ARGUS_MIN_SSF=1 is authentication
with integrity
protection for the argus records, and
any number
greater than 1 is suppose to be the
key length for
confidentiality protection (something
like that).
Hopefully when I put rc.42 up on the server (friday/mon), you all
can be kind enough to give it a try, without too much criticism.
I can provide detailed instructions on how I got it to run, if you need
them. Currently I am testing it to make sure it didn't break anything
when you don't use sasl2.
Hope all is most excellent,
Carter
More information about the argus
mailing list