How is "realm" determined?

Dan White dwhite at olp.net
Mon Jul 23 17:56:16 EDT 2012


On 07/23/12 14:03 -0700, Reg Proctor wrote:
>Hi all,
>
>I have Cyrus setup on two servers the same way (as far as I know) and
>they both run off a MySQL database.
>
>On one the realm is the server's FQDN and on the other it's the alias.
>
>To given an example let's say my /etc/hosts file has an entry like this:
>
>192.168.1.123  boson.example.com boson
>
>On one of the servers the select statement to the database goes like
>this (looking at the logs with debug level 7):
>
>     SELECT AES_DECRYPT(`password`, '...........') AS password
>     FROM `accounts`
>     WHERE `user`='.....' AND `realm`='boson' AND `virtual` != 0;
>
>and the other like this:
>
>    SELECT AES_DECRYPT(`password`, '...........') AS password
>    FROM `accounts`
>    WHERE `user`='.....' AND `realm`='boson.example.com' AND `virtual` !
>= 0;
>
>The host file is the only place I can find where the short version of
>the domain exists yet when I remove it (and restart network, cyrus &
>sasl) the new setup still uses just "boson" instead of the FQDN like the
>first one I setup.
>
>I guess it really doesn't matter which way it works since I can always
>change the entries in the database to match but I would like to know
>enough to where I can predict what will happen if not actually control
>it (which would be the ideal of course).

How the realm is calculated is hard to nail down. Different mechanisms
calculate it in different ways.

See:

http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/programming.php

In the case where a client doesn't specify a realm, the realm is likely
going to be the result of a gethostbyname() system call.

On my Linux system, the manpage for 'hostname' claims to provide the value
returned by the gethostname system. I think that 'hostname -f' should give
you the same value that sasl should use for the realm.

-- 
Dan White


More information about the Info-cyrus mailing list