Saslauthd and Enhanced Security

From: Swigg, Tom C (swiggtc_at_lsbu.ac.uk)
Date: 06/29/05

    Date: Wed, 29 Jun 2005 17:22:03 +0100
    To: tru64-unix-managers@ornl.gov
    
    

    Hi,

    I have two questions about enhanced security. I am running TruCluster
    V5.1a on two ES40s with RA3000 storage and the following patches, one
    of which is a CSP to sort out AdvFS quota problems:

            - T64KIT0021547-V51AB24-20040211 OSF520
            - T64V51AB01AS0001-20020116 OSF520
            - T64V51AB01AS0001-20020116 TCR520
            - T64V51AB21AS0004-20030206 OSF520
            - T64V51AB21AS0004-20030206 TCR520
            - T64V51AB24AS0006-20031031 OSF520
            - T64V51AB24AS0006-20031031 TCR520

    1) I am interested in u_suctty and u_unsuctty. Sometimes the
    information in these fields is incomplete, not showing the full DNS
    entry for the remote machine. For example:

    # edauth -dp -g fredfred
    fredfred:u_name=fredfred:u_id#9235:u_pwd=I.lbUdH4aSkkzuiWfwSx3o:u_succhg#1119260075:\
            :u_suclog#1080718147:u_suctty=INET#rw-ngdma:u_lock@:chkent:

    When a DNS reverse lookup cannot be done it will show the IP address,
    as in INET#1.2.3.4, so why the half measure? Sometimes the entries are
    strangely incomplete, as in INET#br-icts- Any thoughts?

    2) I am interested in u_suclog and u_unsuclog and whether they are
    updated when running cyrus (2.1.1) imap and pop3 with saslauthd
    (2.1.9). I can see entries in syslog's auth.log for saslauthd
    AUTHFAIL for pop and imap. The timestamps seem to correspond to the
    u_unsuclog entry but does not reflect the remote machine in
    u_unsuctty. Successful mail logins are not recorded at all.

    Why am I interested? I have 65000+ users and need to identify accounts
    that are not in use. Many, at least a third, have had no shell login
    but may have been used for pop/imap. It seems that the enhanced
    security database does not always get updated on successful login.

    Regards Tom
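
An added example, not part of the original post: a parser for the `edauth -dp` record layout shown in the message, used to list accounts whose `u_suclog` is missing or older than a cutoff. The function names `parse_records` and `stale_accounts` and the sample data are hypothetical; it assumes `=` marks a string, `#` a number and `@` a false flag, as in the record above, and that values contain no escaped colons.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout `edauth -dp -g <user>` prints. Field names
# come from the post; the second record and its values are made up.
SAMPLE = r"""
fredfred:u_name=fredfred:u_id#9235:u_succhg#1119260075:\
        :u_suclog#1080718147:u_suctty=INET#rw-ngdma:u_lock@:chkent:
popuser:u_name=popuser:u_id#9300:u_unsuclog#1119990000:\
        :u_unsuctty=INET#192.0.2.7:u_lock@:chkent:
"""

def parse_records(text):
    """Yield (name, fields) per record, joining backslash-continued lines."""
    joined = re.sub(r"\\\n\s*", "", text)
    for line in joined.splitlines():
        parts = [p for p in line.strip().split(":") if p]
        if not parts:
            continue
        fields = {}
        for item in parts[1:]:
            # Split at the FIRST operator only: u_suctty=INET#host is a string.
            key, op, value = re.match(r"(\w+)([=#@]?)(.*)", item).groups()
            if op == "#":
                fields[key] = int(value)      # numeric, e.g. epoch seconds
            elif op == "=":
                fields[key] = value           # string
            else:
                fields[key] = (op != "@")     # bare flag is true, flag@ is false
        yield parts[0], fields

def stale_accounts(text, cutoff):
    """Accounts with no successful login recorded at or after cutoff (epoch)."""
    stale = []
    for name, f in parse_records(text):
        last_ok = f.get("u_suclog")
        if last_ok is None or last_ok < cutoff:
            stale.append((name, last_ok, f.get("u_unsuclog")))
    return stale

def fmt(ts):
    return "never" if ts is None else datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d")

if __name__ == "__main__":
    cutoff = int(datetime(2005, 1, 1, tzinfo=timezone.utc).timestamp())
    for name, ok, bad in stale_accounts(SAMPLE, cutoff):
        # "never" here is only a candidate: confirm against mail auth logs.
        print(f"{name}: last success {fmt(ok)}, last failure {fmt(bad)}")
```

Because the post reports that successful POP/IMAP logins through saslauthd do not update `u_suclog`, the output is a candidate list to cross-check against the mail server's own authentication logs before any account is retired.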

