Quoting Amir 'CG' Caspi <cepheid@xxxxxxxxxx>:
On Mon, 23 May 2011 at 02:59:58 -0700, Amir 'CG' Caspi wrote:
As for the remote user, I can see that saslauthd does receive that
info, but it doesn't log it via PAM, as you can see. I believe
this is because the remote user is not being passed into the
correct field of the pamh struct, within auth_pam. It's being
passed into the login field, but it should also be passed into the
user field, I believe. I'm not a PAM expert, so I can't be sure,
but I think this is the case.
After looking at auth_pam() some more and after reading a bit of PAM
documentation, I think that in addition to PAM_RHOST, one also needs
to set PAM_USER. This is done with pam_set_item, just as for
PAM_RHOST.
I *THINK* a simple call such as:
pam_set_item(pamh, PAM_USER, login)
would work to get PAM to recognize the username and log it
appropriately. This would be done in the same place as setting
PAM_RHOST.
Could you try this on your patched copy to see if it works? If so,
the patch can be updated to include this line, and I think that
would fix pretty much everything. =)
My understanding is that it is up to the calling application to log
the data, like CyrusMail should be logging auths. If you enable the
debug flag for the PAM modules or saslauthd, you will get additional
debug information which includes the information you are looking for.
However, it is more aimed at developers than it is at end users.
Off the top of my head, PAM_USER is passed into the initial structure
via an environmental variable; PAM_RHOST is actually set
via a callback to an existing pointer.
If you use pam_set_item on PAM_USER, it is actually only a temporary
change, and won't get passed back to the calling application. And I
don't recall off the top of my head whether this gets passed through
the rest of the PAM stack or not.
I.e. you auth CyrusMail as user ME, then user ME gets passed to PAM. If
your first module pam_changeme.so changes the PAM_USER variable to the
user YOU for the rest of the auth session, then you will see in your
CyrusMail logs "user=ME auth failed". In your PAM debug logs, you will
see "user=YOU failed" for the pam_changeme.so debug session.
Kind of makes sense?
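The thread proposes calling pam_set_item() for PAM_USER in the same place auth_pam() already sets PAM_RHOST. The following is an added example, not code from this thread, from saslauthd or from Cyrus: it calls the system libpam through Python's ctypes so the pam_set_item()/pam_get_item() round trip can be checked without a C build. It never calls pam_authenticate(), so no PAM module runs and nothing is logged; it only shows what the rest of the PAM stack would see after the two pam_set_item() calls. The function name set_pam_identity, the service name "sasl-demo", the user "alice" and the host 203.0.113.5 are constructed for the example, and the function returns None on a system without libpam.

```python
"""Added example: set PAM_RHOST and PAM_USER on a PAM handle with
pam_set_item() and read them back with pam_get_item() via ctypes.
Not saslauthd's auth_pam(); service, user and host are constructed."""
import ctypes
import ctypes.util

# Item types from <security/pam_appl.h>; the values are the same in
# Linux-PAM and OpenPAM.
PAM_SUCCESS = 0
PAM_SERVICE = 1
PAM_USER = 2
PAM_RHOST = 4

# struct pam_conv { int (*conv)(int, const struct pam_message **,
#                               struct pam_response **, void *);
#                   void *appdata_ptr; }
CONV_FUNC = ctypes.CFUNCTYPE(ctypes.c_int, ctypes.c_int, ctypes.c_void_p,
                             ctypes.c_void_p, ctypes.c_void_p)


class PamConv(ctypes.Structure):
    _fields_ = [("conv", CONV_FUNC), ("appdata_ptr", ctypes.c_void_p)]


def _refuse_prompts(num_msg, msg, resp, appdata_ptr):
    # A daemon answers password prompts here; this example never
    # authenticates, so the callback is never reached. Non-zero = failure.
    return 1


def _load_libpam():
    """Return the libpam shared object, or None if the system has no PAM."""
    for name in ("libpam.so.0", ctypes.util.find_library("pam")):
        if name:
            try:
                return ctypes.CDLL(name)
            except OSError:
                continue
    return None


def _get_item(lib, pamh, item_type):
    """pam_get_item() wrapper returning the item as str, or None if unset."""
    out = ctypes.c_void_p()
    if lib.pam_get_item(pamh, item_type, ctypes.byref(out)) != PAM_SUCCESS:
        return None
    if not out.value:
        return None
    return ctypes.cast(out, ctypes.c_char_p).value.decode()


def set_pam_identity(service, login, remote_host):
    """Start a PAM transaction with no user, set PAM_RHOST and PAM_USER the
    way the thread proposes, and return what PAM reports back for each.
    Returns None when libpam is missing or pam_start() refuses the service."""
    lib = _load_libpam()
    if lib is None:
        return None
    lib.pam_start.argtypes = [ctypes.c_char_p, ctypes.c_char_p,
                              ctypes.POINTER(PamConv),
                              ctypes.POINTER(ctypes.c_void_p)]
    lib.pam_set_item.argtypes = [ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
    lib.pam_get_item.argtypes = [ctypes.c_void_p, ctypes.c_int,
                                 ctypes.POINTER(ctypes.c_void_p)]
    lib.pam_end.argtypes = [ctypes.c_void_p, ctypes.c_int]

    callback = CONV_FUNC(_refuse_prompts)   # must stay alive until pam_end()
    conv = PamConv(callback, None)
    pamh = ctypes.c_void_p()
    # NULL user: PAM_USER is deliberately left unset by pam_start() so that
    # the pam_set_item() call below is what makes it visible.
    rc = lib.pam_start(service.encode(), None, ctypes.byref(conv),
                       ctypes.byref(pamh))
    if rc != PAM_SUCCESS:
        return None
    try:
        # Same pattern as the proposed patch: PAM_RHOST, then PAM_USER.
        rhost = ctypes.c_char_p(remote_host.encode())
        if lib.pam_set_item(pamh, PAM_RHOST, rhost) != PAM_SUCCESS:
            return None
        user = ctypes.c_char_p(login.encode())
        if lib.pam_set_item(pamh, PAM_USER, user) != PAM_SUCCESS:
            return None
        return {
            "service": _get_item(lib, pamh, PAM_SERVICE),
            "user": _get_item(lib, pamh, PAM_USER),
            "rhost": _get_item(lib, pamh, PAM_RHOST),
        }
    finally:
        lib.pam_end(pamh, PAM_SUCCESS)


if __name__ == "__main__":
    print(set_pam_identity("sasl-demo", "alice", "203.0.113.5"))
```

The dictionary returned is what a later module would obtain through pam_get_item() for the rest of the transaction; what ends up in the application's own log is still, as the reply says, decided by the application.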