Saslauthd and Enhanced Security

From: Swigg, Tom C <swiggtc_at_lsbu.ac.uk>
Date: Wed, 29 Jun 2005 17:22:03 +0100

Hi,

I have two questions about enhanced security. I am running TruCluster
V5.1a on two ES40s with RA3000 storage and the following patches, one
of which is a CSP to sort out AdvFS quota problems:

        - T64KIT0021547-V51AB24-20040211 OSF520
        - T64V51AB01AS0001-20020116 OSF520
        - T64V51AB01AS0001-20020116 TCR520
        - T64V51AB21AS0004-20030206 OSF520
        - T64V51AB21AS0004-20030206 TCR520
        - T64V51AB24AS0006-20031031 OSF520
        - T64V51AB24AS0006-20031031 TCR520


1) I am interested in u_suctty and u_unsuctty. Sometimes the
information in these fields is incomplete, not showing the full DNS
entry for the remote machine. For example:

# edauth -dp -g fredfred
fredfred:u_name=fredfred:u_id#9235:u_pwd=I.lbUdH4aSkkzuiWfwSx3o:u_succhg#1119260075:\
        :u_suclog#1080718147:u_suctty=INET#rw-ngdma:u_lock@:chkent:

When a DNS reverse lookup cannot be done it will show the IP address
as in INET#1.2.3.4 so why the half measure? Sometimes the entries are
strangely incomplete as in INET#br-icts-
Any thoughts?

2) I am interested in u_suclog and u_unsuclog and whether they are
updated when running cyrus (2.1.1) imap and pop3 with saslauthd
(2.1.9). I can see entries in syslog's auth.log for saslauthd
AUTHFAIL for pop and imap. The timestamps seem to correspond to the
u_unsuclog entry but do not reflect the remote machine in
u_unsuctty. Successful mail logins are not recorded at all.

Why am I interested? I have 65000+ users and need to identify accounts
that are not in use. Many, at least a third, have had no shell login
but may have been used for pop/imap. It seems that the enhanced
security database does not always get updated on successful login.

Regards Tom
Received on Wed Jun 29 2005 - 16:22:56 NZST
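
An added example, not part of the original message: a parser for the edauth -dp -g record layout quoted above that lists accounts whose u_suclog is missing or older than a cutoff. It assumes u_suclog holds Unix epoch seconds and that string values contain no escaped colons; the sample records and the names parse_records and stale_accounts are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in the termcap-like layout quoted in the message;
# the u_pwd values are placeholders and "nologin" is an invented account.
SAMPLE = r"""fredfred:u_name=fredfred:u_id#9235:u_pwd=PLACEHOLDER:u_succhg#1119260075:\
        :u_suclog#1080718147:u_suctty=INET#rw-ngdma:u_lock@:chkent:
nologin:u_name=nologin:u_id#9300:u_pwd=PLACEHOLDER:u_lock@:chkent:
"""

FIELD = re.compile(r"^(\w+)([=#@]?)(.*)$")

def parse_records(text):
    """Yield a dict per record: name=string, name#number, name@ (false), name (true)."""
    joined = re.sub(r"\\\n[ \t]*", "", text)    # undo backslash line continuations
    for line in joined.splitlines():
        parts = [p for p in line.split(":") if p.strip()]
        if not parts:
            continue
        rec = {"entry": parts[0]}
        for part in parts[1:]:
            m = FIELD.match(part)
            if not m:
                continue                        # skip anything that is not name[sep]value
            name, sep, value = m.groups()
            if sep == "=":
                rec[name] = value               # string; may itself contain '#'
            elif sep == "#":
                rec[name] = int(value)          # numeric (assumed epoch seconds for *log)
            else:
                rec[name] = (sep != "@")        # bare name is true, name@ is false
        yield rec

def stale_accounts(text, now, max_idle_days=365):
    """Return (entry, last successful login date or 'never') for idle accounts."""
    cutoff = now - max_idle_days * 86400
    stale = []
    for rec in parse_records(text):
        last = rec.get("u_suclog")
        if last is None:
            stale.append((rec["entry"], "never"))
        elif last < cutoff:
            day = datetime.fromtimestamp(last, tz=timezone.utc).strftime("%Y-%m-%d")
            stale.append((rec["entry"], day))
    return stale

if __name__ == "__main__":
    for entry, last in stale_accounts(SAMPLE, now=1120000000):
        print(entry, last)
```

Because the message reports that successful POP/IMAP logins through saslauthd are not recorded, accounts listed this way are only candidates and still need checking against the mail server's own logs.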
