saslauthd SASL_IPREMOTEPORT -> PAM_RHOST

Amir 'CG' Caspi cepheid at 3phase.com
Thu Jan 5 06:45:55 EST 2012


Hi all,

	I tried enabling the saslauthd debug flags (-d -n 0) and 
saslauthd is properly logging debug info but is NOT including the 
remotehost info.  My saslauthd debug log looks like:
saslauthd[6655] :do_auth         : auth failure: [user=bleh] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
saslauthd[6655] :do_auth         : auth success: [user=yay] [service=smtp] [realm=] [mech=pam]

	The [remote=] field isn't showing up at all.  How can I get 
saslauthd to log the remote IP when debugging is turned on?  Is there 
some other setting I need to enable, or is saslauthd simply not 
compiled correctly?
	(I'm using saslauthd 2.1.22, part of the cyrus-sasl 2.1.22 
RPM for CentOS 5.)

	Lorenzo, RHEL won't commit your previous patch because they 
claim it breaks the testsaslauthd utility, along with some other 
things.  Any chance you can update that so they might be willing to 
commit it?

Thanks!
						--- Amir


---- Original Message ----
>Hi Sean,
>
>	I'm digging through some old emails since I'm trying to 
>finally get this stuff to work.  RH seems to be making a little 
>progress in implementing Lorenzo's patch to get saslauthd to log 
>rhost via PAM, but I'm curious about your suggestion here... what 
>did you mean by changing the syslog to a different device, and 
>getting sasl to log the info?  Would this require not using pam 
>anymore?  I'm not all that familiar with the guts of sasl, pam, etc. 
>so additional details would be helpful.
>
>Thanks.
>						--- Amir
>
>At 3:18 PM -0400 05/23/2011, omalleys at msu.edu wrote:
>>Quoting Amir 'CG' Caspi <cepheid at 3phase.com>:
>>
>>>	Of course, the rhost really is the most important piece 
>>>anyway, since that's what I need for firewalling.  I can live 
>>>without the bad username, since apparently it's not logged anyway 
>>>even with other services.
>>
>>
>>In the saslauthd code, I think there is a section that allows 
>>-sasl- to log the information you want. It would probably be easier 
>>to modify it there.
>>
>>I.e., remove the debug flag requirement and change the syslog to the 
>>device you want.

