saslauthd SASL_IPREMOTEPORT -> PAM_RHOST

Amir 'CG' Caspi cepheid at 3phase.com
Sun May 22 15:20:37 EDT 2011


Lorenzo,

	Also, does your patch pass the requested login name to 
saslauthd?  I didn't see that it did.  That would also be a great 
inclusion, so we could exclude dictionary attacks from potentially 
legitimate users.  Certainly not as crucial as the remote IP, though.

I've updated my RHEL bug to include a link to your patch - hopefully 
we can get it included upstream (especially if one of them applies 
cleanly to 2.1.22).

Thanks!
						--- Amir

At 4:00 PM +0200 05/22/2011, Lorenzo Catucci wrote:
>Since I've seen some other people requesting the functionality [*], I think
>someone could like getting a courtesy copy of a bugzilla entry I've just
>filed on bugzilla.cyrusimap.org:
>
>http://bugzilla.cyrusimap.org/bugzilla3/show_bug.cgi?id=3468
>
>I'm attaching both a 2.1.23 and a 2.1.24 version of the patch, since 
>there is a merge conflict between the former and 2.1.24 sources.
>
>I'd be grateful about any comment - review - test which could help 
>with upstreaming my patch.
>
>Please keep in mind that I'm unable to test on a Solaris box; therefore,
>the ipc_doors changes should be treated as VERY SUSPECT; still, I 
>think they make sense, and would be twice as grateful to any Solaris 
>tester...
>
>Thank you very much, yours
>
>	lorenzo
>
>[*] In particular, a Google search led to the following pages:
>
>http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2011-March/002218.html
>      "saslauthd/PAM IP logging on failure"   - 2011-03-26
>
>https://bugzilla.redhat.com/show_bug.cgi?id=683797
>      "saslauthd using pam does not log rhost (remote host) IP/hostname
>           or requested login in /var/log/secure" - 2011-03-10
>
>http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2010-July/002108.html
>      "PAM authentication - Remote host"      - 2010-07-13
>
>http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2010-May/002085.html
>      "remote client ip"                      - 2010-05-24
>
>
>Attachment converted: Macintosh HD:saslauthd_pam_rhost#51C173.diff 
>(TEXT/ttxt) (0051C173)
>Attachment converted: Macintosh HD:saslauthd_pam_rhost_2.1.23.diff 
>(TEXT/ttxt) (0051C174)



