[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tru64-unix-managers
Subject:    Saslauthd and Enhanced Security
From:       "Swigg, Tom C" <swiggtc () lsbu ! ac ! uk>
Date:       2005-06-29 16:22:03
Message-ID: 22EAFEE3A6192C4BBDBAF905E6ACB29D022308 () CSD-EXBE-VS1 ! lsbu ! ac ! uk
[Download RAW message or body]

Hi,

I have two questions about enhanced security. I am running Trucluster
V5.1a on two ES40s with RA3000 storage and the following patches, one
of which is a CSP to sort out AdvFS quota problems

        - T64KIT0021547-V51AB24-20040211 OSF520
        - T64V51AB01AS0001-20020116 OSF520
        - T64V51AB01AS0001-20020116 TCR520
        - T64V51AB21AS0004-20030206 OSF520
        - T64V51AB21AS0004-20030206 TCR520
        - T64V51AB24AS0006-20031031 OSF520
        - T64V51AB24AS0006-20031031 TCR520


1) I am interested in u_suctty and u_unsuctty. Sometimes the
information in these fields is incomplete not showing the full dns
entry for the remote machine. For example:

# edauth -dp -g fredfred
fredfred:u_name=fredfred:u_id#9235:u_pwd=I.lbUdH4aSkkzuiWfwSx3o:u_
succ
hg#1119260075:\
        :u_suclog#1080718147:u_suctty=INET#rw-ngdma:u_lock@:chkent:

When a dns reverse lookup cannot be done it will show the IP address
as in INET#1.2.3.4 so why the half measure? Sometimes the entries are
strangely incomplete as in  INET#br-icts-  Any thoughts?

2) I am interested in u_suclog and u_unsuclog and whether they are
updated when running cyrus (2.1.1) imap and pop3 with  saslauthd
(2.1.9)  I can see entries in syslog's auth.log for saslauthd
AUTHFAIL for pop and imap. The timestamps seem to correspond to  the
u_unsuclog entry but does not reflect the remote machine in
u_unsuctty. Successful mail logins are not recorded at all. 

Why am I interested? I have 65000+ users and need to identify accounts
that are not in use. Many, at least a third, have had no shell login
but may have been used for pop/imap. It seems that the enhanced
security database does not always get updated on successful login.

Regards Tom

[prev in list] [next in list] [prev in thread] [next in thread]