Re: Migrating a former /etc/sasldb2 (GNU dbm 1.x or ndbm database, little endian)

Tue, 15 Aug 2006 16:08:47 -0700 



The realm does matter. It took awhile to realize this but moving an 
/etc/sasldb2 from one machine to another --irregardless of db format, 
gdbm or db, I couldn't authenticate against it. And that's using 'imtest 
-a <user> -u <user> <hostname>'



I found a solution to this (as illustrated below and my former emails to 
this list):


1. Convert from gdbm to berkeley:
   - http://dcs.nac.uci.edu/~strombrg/convert-database
2. Use this to change the realm from <oldrealm> to <newrealm>
   - http://www.irbs.net/internet/cyrus-sasl/0405/0046.html


--kkruzich


Alexander Dalloz wrote:

Kevin Kruzich schrieb:



Clarification below...

Kevin Kruzich wrote:




I have an /etc/sasldb2 containing around 600 accounts, in GNU dbm 
format. In running sasldblistusers2 I can see entries like so:


[EMAIL PROTECTED]: cmusaslsecretPLAIN
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword



When I try to authenticate against (using imtest) this on a host 
other than greenwich I get the following:




When I move the sasldb2 file to another host (eg, "mbox"), the system 
we're planning to migrate to, I get the following:



S: L01 NO Login failed: user not found
Authentication failed. generic failure
Security strength factor: 0



How exactly do you try to auth? The username is "[EMAIL PROTECTED]".




I CAN add another account [EMAIL PROTECTED] using saslpasswd2 --but what I 
really want to do is change the domain (or realm) in this existing 
sasldb2.



Did you read "man saslpasswd2"? You would see to use "-u domain", which 
sets the realm. By default the domain / realm is the hostname where you 
run saslpasswd2.





I've moved the sasldb2 file to another host --and I can add an 
additional account there. So there's [EMAIL PROTECTED] and [EMAIL PROTECTED] But 
what I'd rather do is just change the name of the realm for joe, 
leaving his former password intact.



Why does the realm matter if you seem to haven't it used for auth 
previously?


Alexander


----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html



--
Kevin Kruzich
UNIX Systems Administrator
Linkshare Corporation
Tel 646-654-6000 x344
Fax 646-602-0160
[EMAIL PROTECTED]
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html














    











					Reply via email to