Saslauthd and Enhanced Security

From: Swigg, Tom C (swiggtc@lsbu.ac.uk)
Date: Wed Jun 29 2005 - 12:22:03 EDT


Hi,

I have two questions about enhanced security. I am running TruCluster
V5.1a on two ES40s with RA3000 storage and the following patches, one
of which is a CSP to sort out AdvFS quota problems:

        - T64KIT0021547-V51AB24-20040211 OSF520
        - T64V51AB01AS0001-20020116 OSF520
        - T64V51AB01AS0001-20020116 TCR520
        - T64V51AB21AS0004-20030206 OSF520
        - T64V51AB21AS0004-20030206 TCR520
        - T64V51AB24AS0006-20031031 OSF520
        - T64V51AB24AS0006-20031031 TCR520

1) I am interested in u_suctty and u_unsuctty. Sometimes the
information in these fields is incomplete, not showing the full DNS
entry for the remote machine. For example:

# edauth -dp -g fredfred
fredfred:u_name=fredfred:u_id#9235:u_pwd=I.lbUdH4aSkkzuiWfwSx3o:u_succhg#1119260075:\
        :u_suclog#1080718147:u_suctty=INET#rw-ngdma:u_lock@:chkent:

When a DNS reverse lookup cannot be done it will show the IP address,
as in INET#1.2.3.4, so why the half measure? Sometimes the entries are
strangely incomplete, as in INET#br-icts- Any thoughts?

2) I am interested in u_suclog and u_unsuclog and whether they are
updated when running cyrus (2.1.1) imap and pop3 with saslauthd
(2.1.9). I can see entries in syslog's auth.log for saslauthd
AUTHFAIL for pop and imap. The timestamps seem to correspond to the
u_unsuclog entry but does not reflect the remote machine in
u_unsuctty. Successful mail logins are not recorded at all.

Why am I interested? I have 65000+ users and need to identify accounts
that are not in use. Many, at least a third, have had no shell login
but may have been used for pop/imap. It seems that the enhanced
security database does not always get updated on successful login.

Regards Tom
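
Added example, not part of the original post: a Python parser for the `edauth -dp` record layout quoted above that lists accounts with no recorded successful login since a cutoff. It assumes the termcap-style layout visible in the post (`:`-separated fields, `name=string`, `name#number`, `name@` for a cleared flag, `\` continuation) and that the `#` timestamps are Unix epoch seconds; the sample records, the `mailonly` account and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample modelled on the record in the post (hash replaced by a placeholder).
SAMPLE = r"""fredfred:u_name=fredfred:u_id#9235:u_pwd=PLACEHOLDERHASH:u_succhg#1119260075:\
        :u_suclog#1080718147:u_suctty=INET#rw-ngdma:u_lock@:chkent:
mailonly:u_name=mailonly:u_id#9300:u_pwd=PLACEHOLDERHASH:\
        :u_unsuclog#1119000000:u_lock@:chkent:
"""

def parse_records(text):
    """Yield one dict per account from edauth -dp style output."""
    # A trailing backslash continues the record on the next line.
    joined = re.sub(r"\\\n\s*", "", text)
    for line in joined.splitlines():
        if not line.strip():
            continue
        entry, *caps = line.split(":")
        rec = {"entry": entry}
        for cap in filter(None, caps):
            # The first '=', '#' or '@' decides the field type, so the string
            # value "INET#rw-ngdma" keeps its embedded '#'.
            m = re.match(r"([^=#@]+)([=#@]?)(.*)$", cap)
            if not m:
                continue
            name, kind, value = m.groups()
            if kind == "=":
                rec[name] = value
            elif kind == "#":
                rec[name] = int(value)
            else:
                rec[name] = kind != "@"   # bare name is true, "name@" is false
        yield rec

def stale_accounts(records, cutoff):
    """Return (entry, last_success) for accounts with no u_suclog at or after cutoff."""
    out = []
    for rec in records:
        ts = rec.get("u_suclog")
        last = datetime.fromtimestamp(ts, timezone.utc) if ts else None
        # The post reports that successful POP/IMAP logins are not recorded here,
        # so a hit is a candidate to cross-check against mail logs, not proof of disuse.
        if last is None or last < cutoff:
            out.append((rec["entry"], last))
    return out

if __name__ == "__main__":
    cutoff = datetime(2005, 1, 1, tzinfo=timezone.utc)
    for entry, last in stale_accounts(parse_records(SAMPLE), cutoff):
        print(entry, last.isoformat() if last else "no u_suclog recorded")
```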


