PAM authentication - Remote host
fmma at itu.dk
fmma at itu.dk
Wed Jul 14 04:10:47 EDT 2010
In the man pages for the function sasl_getprop
(http://linux.die.net/man/3/sasl_getprop) it mentions that it is possible
to get the remote address string by using SASL_IPREMOTEPORT as input to
the function. I assume that the remote address string would contain a
value suitable for PAM_RHOST. Is this wrong?
If not, then surely it should be possible for saslauthd to assign a value
to RHOST (and maybe other items) before the PAM authentication procedure
commences by calling sasl_getprop and pam_set_item. This may be the code
twiddling you are referring to, but to me it seems rather fundamental and
it is my opinion that this should be included in the distributed packages.
- Frederik
> The saslauthd doesnt have an argument for RHOST or any of the other
> pam arguments.
> It only has 4 arguments available. username, password, realm and mech
> (i think).
>
> You can get it to work but you have to twiddle with the code a little bit.
>
>
> Quoting fmma at itu.dk:
>
>> Why does Cyrus-SASL not populate the PAM environment items (such as
>> PAM_RHOST) when using the PAM authentication mechanism ? Am I missing
>> something?
>>
>> - Frederik
>>
>>
>>
>
>
>
>
More information about the Cyrus-sasl
mailing list