SASL with argus

Jesse Bowling jessebowling at gmail.com
Tue Jul 16 13:06:56 EDT 2013


As a followup, I changed my argus.conf to look like:

pwcheck_method: auxprop
mech_list: DIGEST-MD5
auxprop_plugin: sasldb

and tried the sample client/server programs like this:

# sasl2-sample-server -s argus -m digest-md5
$ sasl2-sample-client -s argus -m digest-md5 localhost

...provide the authentication/authorization id as before, then the
password, and receive a successful authentication.

However I get the same error with ra client programs when attempting to
connect...What am I missing here?

Cheers,

Jesse




On Tue, Jul 16, 2013 at 10:42 AM, Jesse Bowling <jessebowling at gmail.com>wrote:

> Hi all,
>
> I'm a SASL noob, and having a hard time getting it configured to work with
> argus. I've tried setting it up and am getting the following error message:
>
> rasplit[15301.00c7bc34f77f0000]: 10:27:31.072229 RaSaslNegotiate(0x3, 0x3,
> 0x27c6d90) receiving capability list...
> rasplit[15301.00c7bc34f77f0000]: 10:27:31.072251 RaGetSaslString(0x3,
> 0x99773830, 8184) {}
> rasplit[15301.00c7bc34f77f0000]: 10:27:31.072259 RaSaslNegotiate(0x3, 0x3,
> 0x27c6d90) calling sasl_client_start()
> rasplit[15301.00c7bc34f77f0000]: 10:27:31.072646 RaSendSaslString(3, 0x0,
> 0) (null)
> rasplit[15301]: 10:27:31.072663 RaSaslNegotiate: error starting SASL
> negotiation SASL(-4): no mechanism available: No worthy mechs found
>
>
> I have the following setup bits, and may of course be missing something
> simple here:
>
> /etc/argus.conf:
>
> ARGUS_MIN_SSF=40
> ARGUS_MAX_SSF=128
>
> /etc/ra.conf
>
> RA_USER_AUTH="raclient/raclient"
> RA_AUTH_PASS="Passwd I set with saslpasswd2 -c -a argus raclient"
>
> /etc/sasl2/argus.conf:
>
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: DIGESTMD5 PLAIN LOGIN CRAMMD5
>
> # sasldblistusers2:
> raclient at host.realm.tld: userPassword
>
> Pluginviewer output:
>
> Installed SASL (server side) mechanisms are:
> CRAM-MD5 DIGEST-MD5 PLAIN ANONYMOUS LOGIN EXTERNAL
> List of server plugins follows
> Plugin "crammd5" [loaded],      API version: 4
>         SASL mechanism: CRAM-MD5, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: SERVER_FIRST
> Plugin "digestmd5" [loaded],    API version: 4
>         SASL mechanism: DIGEST-MD5, best SSF: 128, supports setpass: no
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
>         features: PROXY_AUTHENTICATION
> Plugin "plain" [loaded],        API version: 4
>         SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS
>         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "anonymous" [loaded],    API version: 4
>         SASL mechanism: ANONYMOUS, best SSF: 0, supports setpass: no
>         security flags: NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Plugin "login" [loaded],        API version: 4
>         SASL mechanism: LOGIN, best SSF: 0, supports setpass: no
>         security flags: NO_ANONYMOUS
>         features:
> Installed auxprop mechanisms are:
> sasldb
> List of auxprop plugins follows
> Plugin "sasldb" ,       API version: 4
>         supports store: yes
>
> Installed SASL (client side) mechanisms are:
> CRAM-MD5 DIGEST-MD5 PLAIN ANONYMOUS LOGIN EXTERNAL
> List of client plugins follows
> Plugin "crammd5" [loaded],      API version: 4
>         SASL mechanism: CRAM-MD5, best SSF: 0
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT
>         features: SERVER_FIRST
> Plugin "digestmd5" [loaded],    API version: 4
>         SASL mechanism: DIGEST-MD5, best SSF: 128
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT|MUTUAL_AUTH
>         features: PROXY_AUTHENTICATION|NEED_SERVER_FQDN
> Plugin "plain" [loaded],        API version: 4
>         SASL mechanism: PLAIN, best SSF: 0
>         security flags: NO_ANONYMOUS
>         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
> Plugin "anonymous" [loaded],    API version: 4
>         SASL mechanism: ANONYMOUS, best SSF: 0
>         security flags: NO_PLAINTEXT
>         features: WANT_CLIENT_FIRST
> Plugin "login" [loaded],        API version: 4
>         SASL mechanism: LOGIN, best SSF: 0
>         security flags: NO_ANONYMOUS
>         features: SERVER_FIRST
> Plugin "EXTERNAL" [loaded],     API version: 4
>         SASL mechanism: EXTERNAL, best SSF: 0
>         security flags: NO_ANONYMOUS|NO_PLAINTEXT|NO_DICTIONARY
>         features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
>
> Anyone set this up successfully for digest-md5?
>
> Thanks,
>
> Jesse
>
> --
> Jesse Bowling
>
>


-- 
Jesse Bowling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130716/8ba1c982/attachment.html>


More information about the argus mailing list