SASL with argus
Jesse Bowling
jessebowling at gmail.com
Tue Jul 16 10:42:10 EDT 2013
Hi all,
I'm a SASL noob, and having a hard time getting it configured to work with
argus. I've tried setting it up and am getting the following error message:
rasplit[15301.00c7bc34f77f0000]: 10:27:31.072229 RaSaslNegotiate(0x3, 0x3,
0x27c6d90) receiving capability list...
rasplit[15301.00c7bc34f77f0000]: 10:27:31.072251 RaGetSaslString(0x3,
0x99773830, 8184) {}
rasplit[15301.00c7bc34f77f0000]: 10:27:31.072259 RaSaslNegotiate(0x3, 0x3,
0x27c6d90) calling sasl_client_start()
rasplit[15301.00c7bc34f77f0000]: 10:27:31.072646 RaSendSaslString(3, 0x0,
0) (null)
rasplit[15301]: 10:27:31.072663 RaSaslNegotiate: error starting SASL
negotiation SASL(-4): no mechanism available: No worthy mechs found
I have the following setup bits, and may of course be missing something
simple here:
/etc/argus.conf:
ARGUS_MIN_SSF=40
ARGUS_MAX_SSF=128
/etc/ra.conf
RA_USER_AUTH="raclient/raclient"
RA_AUTH_PASS="Passwd I set with saslpasswd2 -c -a argus raclient"
/etc/sasl2/argus.conf:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: DIGESTMD5 PLAIN LOGIN CRAMMD5
# sasldblistusers2:
raclient at host.realm.tld: userPassword
Pluginviewer output:
Installed SASL (server side) mechanisms are:
CRAM-MD5 DIGEST-MD5 PLAIN ANONYMOUS LOGIN EXTERNAL
List of server plugins follows
Plugin "crammd5" [loaded], API version: 4
SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
security flags: NO_ANONYMOUS|NO_PLAINTEXT
features: SERVER_FIRST
Plugin "digestmd5" [loaded], API version: 4
SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
features: PROXY_AUTHENTICATION
Plugin "plain" [loaded], API version: 4
SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
security flags: NO_ANONYMOUS
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "anonymous" [loaded], API version: 4
SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
security flags: NO_PLAINTEXT
features: WANT_CLIENT_FIRST
Plugin "login" [loaded], API version: 4
SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
security flags: NO_ANONYMOUS
features:
Installed auxprop mechanisms are:
sasldb
List of auxprop plugins follows
Plugin "sasldb" , API version: 4
supports store: yes
Installed SASL (client side) mechanisms are:
CRAM-MD5 DIGEST-MD5 PLAIN ANONYMOUS LOGIN EXTERNAL
List of client plugins follows
Plugin "crammd5" [loaded], API version: 4
SASL mechanism: CRAM-MD5, best SSF: 0
security flags: NO_ANONYMOUS|NO_PLAINTEXT
features: SERVER_FIRST
Plugin "digestmd5" [loaded], API version: 4
SASL mechanism: DIGEST-MD5, best SSF: 128
security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN
Plugin "plain" [loaded], API version: 4
SASL mechanism: PLAIN, best SSF: 0
security flags: NO_ANONYMOUS
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Plugin "anonymous" [loaded], API version: 4
SASL mechanism: ANONYMOUS, best SSF: 0
security flags: NO_PLAINTEXT
features: WANT_CLIENT_FIRST
Plugin "login" [loaded], API version: 4
SASL mechanism: LOGIN, best SSF: 0
security flags: NO_ANONYMOUS
features: SERVER_FIRST
Plugin "EXTERNAL" [loaded], API version: 4
SASL mechanism: EXTERNAL, best SSF: 0
security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Anyone set this up successfully for digest-md5?
Thanks,
Jesse
--
Jesse Bowling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130716/dcf35f73/attachment.html>
More information about the argus
mailing list