Migrating a former /etc/sasldb2 (GNU dbm 1.x or ndbm database, little endian)

Kevin Kruzich kkruzich at linkshare.com
Tue Aug 15 18:51:38 EDT 2006



The realm does matter. It took a while to realize this, but after moving an 
/etc/sasldb2 from one machine to another, regardless of db format (gdbm 
or db), I couldn't authenticate against it. And that's using 'imtest 
-a <user> -u <user> <hostname>'.

I found a solution to this (as illustrated below and in my former emails to 
this list):

1. Convert from gdbm to Berkeley:
    - http://dcs.nac.uci.edu/~strombrg/convert-database
2. Use this to change the realm from <oldrealm> to <newrealm>
    - http://www.irbs.net/internet/cyrus-sasl/0405/0046.html


--kkruzich


Alexander Dalloz wrote:
> Kevin Kruzich wrote:
> 
>>
>> Clarification below...
>>
>> Kevin Kruzich wrote:
>>
>>>
>>> I have an /etc/sasldb2 containing around 600 accounts, in GNU dbm 
>>> format. In running sasldblistusers2 I can see entries like so:
>>>
>>> joe@greenwich: cmusaslsecretPLAIN
>>> jack@greenwich: userPassword
>>> jane@greenwich: userPassword
>>>
>>>
>>> When I try to authenticate against (using imtest) this on a host 
>>> other than greenwich I get the following:
>>
>>
>> When I move the sasldb2 file to another host (eg, "mbox"), the system 
>> we're planning to migrate to, I get the following:
>>
>>> S: L01 NO Login failed: user not found
>>> Authentication failed. generic failure
>>> Security strength factor: 0
>>
> How exactly do you try to auth? The username is "user@greenwich".
> 
>>>
>>> I CAN add another account joe@mbox using saslpasswd2 --but what I 
>>> really want to do is change the domain (or realm) in this existing 
>>> sasldb2.
>>
> Did you read "man saslpasswd2"? You would see to use "-u domain", which 
> sets the realm. By default the domain / realm is the hostname where you 
> run saslpasswd2.
> 
>>
>> I've moved the sasldb2 file to another host --and I can add an 
>> additional account there. So there's joe@greenwich and joe@mbox. But 
>> what I'd rather do is just change the name of the realm for joe, 
>> leaving his former password intact.
> 
> Why does the realm matter if you seem not to have used it for auth 
> previously?
> 
> Alexander

-- 
Kevin Kruzich
UNIX Systems Administrator
Linkshare Corporation
Tel 646-654-6000 x344
Fax 646-602-0160
kkruzich at linkshare.com
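
The realm change from step 2, sketched as an added example (not part of the original post and not the script linked above). It assumes the sasldb key layout of authid, realm and property name separated by NUL bytes, and works on any bytes-to-bytes mapping; `plan_realm_change`, `apply_realm_change` and `sample_db` are hypothetical names, and opening a copy of the converted Berkeley DB file with a DB binding is left to the reader.

```python
SEP = b"\x00"  # assumed sasldb key layout: authid \0 realm \0 property


def split_key(key):
    """Return (authid, realm, prop), or None if the key has another shape."""
    parts = key.split(SEP)
    return tuple(parts) if len(parts) == 3 else None


def plan_realm_change(db, old_realm, new_realm):
    """Dry run: list the (old_key, new_key) moves and conflicts, change nothing."""
    moves, conflicts = [], []
    for key in list(db.keys()):
        parts = split_key(key)
        if parts is None or parts[1] != old_realm:
            continue  # leave other realms and unrecognized keys alone
        authid, _, prop = parts
        new_key = SEP.join((authid, new_realm, prop))
        # An entry such as joe@mbox added earlier with saslpasswd2 must not
        # be silently overwritten by the migrated joe@greenwich entry.
        (conflicts if new_key in db else moves).append((key, new_key))
    return moves, conflicts


def apply_realm_change(db, old_realm, new_realm):
    """Re-key every entry of old_realm under new_realm, values untouched."""
    moves, conflicts = plan_realm_change(db, old_realm, new_realm)
    if conflicts:
        raise ValueError("entries already exist in target realm: %r"
                         % [new for _, new in conflicts])
    for old_key, new_key in moves:
        db[new_key] = db[old_key]
        del db[old_key]
    return len(moves)


def sample_db():
    """Constructed sample entries mirroring the sasldblistusers2 output above."""
    return {
        b"joe\x00greenwich\x00cmusaslsecretPLAIN": b"constructed-secret-1",
        b"jack\x00greenwich\x00userPassword": b"constructed-secret-2",
        b"jane\x00greenwich\x00userPassword": b"constructed-secret-3",
        b"joe\x00mbox\x00userPassword": b"constructed-secret-4",
    }


if __name__ == "__main__":
    db = sample_db()
    print(apply_realm_change(db, b"greenwich", b"mbox"), "entries re-keyed")
```

Because conflicts are checked before anything is written, a refused run leaves the database exactly as it was.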

