The realm does matter. It took awhile to realize this but moving an
/etc/sasldb2 from one machine to another --irregardless of db format,
gdbm or db, I couldn't authenticate against it. And that's using 'imtest
-a <user> -u <user> <hostname>'
I found a solution to this (as illustrated below and my former emails to
this list):
1. Convert from gdbm to berkeley:
- http://dcs.nac.uci.edu/~strombrg/convert-database
2. Use this to change the realm from <oldrealm> to <newrealm>
- http://www.irbs.net/internet/cyrus-sasl/0405/0046.html
--kkruzich
Alexander Dalloz wrote:
Kevin Kruzich schrieb:
Clarification below...
Kevin Kruzich wrote:
I have an /etc/sasldb2 containing around 600 accounts, in GNU dbm
format. In running sasldblistusers2 I can see entries like so:
joe@greenwich: cmusaslsecretPLAIN
jack@greenwich: userPassword
jane@greenwich: userPassword
When I try to authenticate against (using imtest) this on a host
other than greenwich I get the following:
When I move the sasldb2 file to another host (eg, "mbox"), the system
we're planning to migrate to, I get the following:
S: L01 NO Login failed: user not found
Authentication failed. generic failure
Security strength factor: 0
How exactly do you try to auth? The username is "user@greenwich".
I CAN add another account joe@mbox using saslpasswd2 --but what I
really want to do is change the domain (or realm) in this existing
sasldb2.
Did you read "man saslpasswd2"? You would see to use "-u domain", which
sets the realm. By default the domain / realm is the hostname where you
run saslpasswd2.
I've moved the sasldb2 file to another host --and I can add an
additional account there. So there's joe@greenwich and joe@mbox. But
what I'd rather do is just change the name of the realm for joe,
leaving his former password intact.
Why does the realm matter if you seem to haven't it used for auth
previously?
Alexander
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--
Kevin Kruzich
UNIX Systems Administrator
Linkshare Corporation
Tel 646-654-6000 x344
Fax 646-602-0160
kkruzich@xxxxxxxxxxxxx
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html