saslauthd SASL_IPREMOTEPORT -> PAM_RHOST
Amir 'CG' Caspi
cepheid at 3phase.com
Thu Jan 5 06:45:55 EST 2012
Hi all,
I tried enabling the saslauthd debug flags (-d -n 0) and
saslauthd is properly logging debug info but is NOT including the
remotehost info. My saslauthd debug log looks like:
saslauthd[6655] :do_auth : auth failure: [user=bleh]
[service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
saslauthd[6655] :do_auth : auth success: [user=yay]
[service=smtp] [realm=] [mech=pam]
The [remote=] field isn't showing up at all. How can I get
saslauthd to log the remote IP when debugging is turned on? Is there
some other setting I need to enable, or is saslauthd simply not
compiled correctly?
(I'm using saslauthd 2.1.22, part of the cyrus-sasl 2.1.22
RPM for CentOS 5.)
Lorenzo, RHEL won't commit your previous patch because they
claim it breaks the testsaslauthd utility, along with some other
things. Any chance you can update that so they might be willing to
commit it?
Thanks!
--- Amir
---- Original Message ----
>Hi Sean,
>
> I'm digging through some old emails since I'm trying to
>finally get this stuff to work. RH seems to be making a little
>progress in implementing Lorenzo's patch to get saslauthd to log
>rhost via PAM, but I'm curious about your suggestion here... what
>did you mean by changing the syslog to a different device, and
>getting sasl to log the info? Would this require not using pam
>anymore? I'm not all that familiar with the guts of sasl, pam, etc.
>so additional details would be helpful.
>
>Thanks.
> --- Amir
>
>At 3:18 PM -0400 05/23/2011, omalleys at msu.edu wrote:
>>Quoting Amir 'CG' Caspi <cepheid at 3phase.com>:
>>
>>> Of course, the rhost really is the most important piece
>>>anyway, since that's what I need for firewalling. I can live
>>>without the bad username, since apparently it's not logged anyway
>>>even with other services.
>>
>>
>>in the saslauthd code, I think there is a section that allows
>>-sasl- to log the information you want. It would probably be easier
>>to modify it there.
>>
>>IE remove the debug flag requirement and change the syslog to the
>>device you want.
More information about the Cyrus-sasl
mailing list