Migrating a former /etc/sasldb2 (GNU dbm 1.x or ndbm database,
little endian)
Kevin Kruzich
kkruzich at linkshare.com
Tue Aug 15 18:51:38 EDT 2006
The realm does matter. It took a while to realize this, but after moving an
/etc/sasldb2 from one machine to another, regardless of db format
(gdbm or db), I couldn't authenticate against it. And that's using 'imtest
-a <user> -u <user> <hostname>'.
I found a solution to this (as illustrated below and in my former emails to
this list):
1. Convert from gdbm to Berkeley:
- http://dcs.nac.uci.edu/~strombrg/convert-database
2. Use this to change the realm from <oldrealm> to <newrealm>
- http://www.irbs.net/internet/cyrus-sasl/0405/0046.html
--kkruzich
Alexander Dalloz wrote:
> Kevin Kruzich wrote:
>
>>
>> Clarification below...
>>
>> Kevin Kruzich wrote:
>>
>>>
>>> I have an /etc/sasldb2 containing around 600 accounts, in GNU dbm
>>> format. In running sasldblistusers2 I can see entries like so:
>>>
>>> joe at greenwich: cmusaslsecretPLAIN
>>> jack at greenwich: userPassword
>>> jane at greenwich: userPassword
>>>
>>>
>>> When I try to authenticate against (using imtest) this on a host
>>> other than greenwich I get the following:
>>
>>
>> When I move the sasldb2 file to another host (eg, "mbox"), the system
>> we're planning to migrate to, I get the following:
>>
>>> S: L01 NO Login failed: user not found
>>> Authentication failed. generic failure
>>> Security strength factor: 0
>>
> How exactly do you try to auth? The username is "user at greenwich".
>
>>>
>>> I CAN add another account joe at mbox using saslpasswd2 --but what I
>>> really want to do is change the domain (or realm) in this existing
>>> sasldb2.
>>
> Did you read "man saslpasswd2"? You would see that you can use "-u domain",
> which sets the realm. By default the domain / realm is the hostname where
> you run saslpasswd2.
>
>>
>> I've moved the sasldb2 file to another host --and I can add an
>> additional account there. So there's joe at greenwich and joe at mbox. But
>> what I'd rather do is just change the name of the realm for joe,
>> leaving his former password intact.
>
> Why does the realm matter if you don't seem to have used it for auth
> previously?
>
> Alexander
>
>
--
Kevin Kruzich
UNIX Systems Administrator
Linkshare Corporation
Tel 646-654-6000 x344
Fax 646-602-0160
kkruzich at linkshare.com
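
The realm rewrite from step 2 above, as an added example that is not part of the original message or the linked script. It assumes each sasldb2 key has the layout authid NUL realm NUL property, uses a plain dict as a stand-in for the opened Berkeley DB file, and refuses to overwrite an account that already exists in the new realm (the joe-in-both-realms case from the thread). The names rewrite_realm, split_key and SAMPLE are hypothetical.

```python
# Added example: rewrite the realm component of sasldb2-style keys.
# Assumption: each key is authid NUL realm NUL property.
SEP = b"\0"


def split_key(key):
    """Return (authid, realm, prop), or None if the key is not in that layout."""
    parts = key.split(SEP)
    return tuple(parts) if len(parts) == 3 and all(parts) else None


def rewrite_realm(records, old_realm, new_realm):
    """Return (migrated, collisions, skipped) without modifying `records`."""
    migrated, collisions, skipped, to_move = {}, [], [], []
    # Pass 1: keep everything that is not in the old realm exactly as it is.
    for key, value in records.items():
        parsed = split_key(key)
        if parsed is None:
            skipped.append(key)          # unknown layout: copy through, report
            migrated[key] = value
        elif parsed[1] == old_realm:
            to_move.append((key, parsed, value))
        else:
            migrated[key] = value
    # Pass 2: re-key old-realm entries; never overwrite an existing account.
    for key, (authid, _, prop), value in to_move:
        new_key = SEP.join((authid, new_realm, prop))
        if new_key in migrated:
            collisions.append(new_key)
            migrated[key] = value        # leave the original entry in place
        else:
            migrated[new_key] = value    # stored value is carried over unchanged
    return migrated, collisions, skipped


# Constructed sample records (not real data): joe exists in both realms.
SAMPLE = {
    b"joe\0greenwich\0userPassword": b"joe-old-secret",
    b"jack\0greenwich\0userPassword": b"jack-secret",
    b"joe\0mbox\0userPassword": b"joe-new-secret",
    b"not-a-sasldb-key": b"x",
}

if __name__ == "__main__":
    migrated, collisions, skipped = rewrite_realm(SAMPLE, b"greenwich", b"mbox")
    for key in sorted(migrated):
        print(key.split(SEP), "->", migrated[key])
    print("collisions:", collisions, "skipped:", skipped)
```

Run it against a copy of the database and resolve every reported collision by hand before replacing /etc/sasldb2.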