From: Alexey Melnikov (Alexey dot Melnikov at isode dot com)
Date: Mon May 17 2004 - 04:49:33 EDT
T.J. Kniveton wrote:
> This question was posted about a year back, and maybe other times.
> The question is: given a user in a database, how can you change realms?
This is not going to help you in the short term, but I am [slowly] working
on adding "user rename" and "domain rename" functionality to SASL. "user
rename" would be implemented as a new auxprop method. "domain rename"
can be another auxprop method, but if it is NULL, libsasl will emulate
"domain rename" using "user rename".
> My practical example is: I have a very small mailserver with a few
> users and a berkeley4.2-backed sasldb2 database.
> Now I want to move that to a new machine. Since I am not using
> kerberos at all, the canonized usernames on the old machine were
> user@fqdn1. On the new machine, it will be looking for user@fqdn2. So
> I want to change all the realms in my sasldb2 file from fqdn1 to
> fqdn2, while retaining the rest of the auxiliary properties,
> especially the password.
> I started looking at saslpasswd.c, and then a bit deeper into the
> code, and it's obvious that this is a tricky thing to do. The entries
> in the db seem to be keyed on realm, and there is no sort of function
> to make this easy.
> I wrote a function in lib/server.c that copies a user and gives a new
> userid and realm (domain), and changed saslpasswd.c to use it.
> I got pretty tangled in the sasl_conn_t and sasl_server_conn_t
> structures. Reminds me of mbufs. At this point, I think I need to open
> a new connection, and in the sasl_out_params, put the new canonified
> userid with the new realm. But I'm not sure.
> This proved to be quite time consuming, because the first time I wrote
> the code, I brilliantly wiped it out with a simple 'make clean' in my
> ports directory where I was working. doh! The second time around, it
> wasn't successful.. Maybe when I have some more time I'll look at this
> again. Does anyone more knowledgeable about this have any suggestions?
Isode Limited, http://www.isode.com
IETF standard related pages:
Personal Home Page: http://www.melnikov.ca
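
Added example, not part of the original messages and not Cyrus SASL code: a sketch of the per-record key rewrite the question describes, changing only the realm field while the authid, the property name and the stored value (the password included) stay untouched. It assumes each sasldb2 key is laid out as authid NUL realm NUL property-name; `rekey_realm`, the sample key and the host names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* ASSUMPTION (not stated in the thread): each sasldb2 key is the byte string
 * authid NUL realm NUL property-name, and the value is the property data. */

/* Constructed sample key: user "tj", realm "old.example.org". */
static const unsigned char SAMPLE_KEY[] = "tj\0old.example.org\0userPassword";
#define SAMPLE_KEY_LEN (sizeof(SAMPLE_KEY) - 1)

/* Build the key for new_realm in out. Returns the new key length, 0 when the
 * key belongs to a different realm (copy the record unchanged), or -1 when
 * the key is malformed or out is too small. Hypothetical helper. */
long rekey_realm(const unsigned char *key, size_t key_len,
                 const char *old_realm, const char *new_realm,
                 unsigned char *out, size_t out_cap)
{
    const unsigned char *sep1 = memchr(key, '\0', key_len);
    if (sep1 == NULL) return -1;
    size_t user_len = (size_t)(sep1 - key), rest = key_len - user_len - 1;
    const unsigned char *realm = sep1 + 1, *sep2 = memchr(realm, '\0', rest);
    if (sep2 == NULL) return -1;
    size_t realm_len = (size_t)(sep2 - realm), prop_len = rest - realm_len - 1;
    const unsigned char *prop = sep2 + 1;
    /* Reject empty fields and any third separator. */
    if (user_len == 0 || prop_len == 0 || memchr(prop, '\0', prop_len)) return -1;
    size_t old_len = strlen(old_realm), new_len = strlen(new_realm);
    if (realm_len != old_len || memcmp(realm, old_realm, old_len) != 0) return 0;
    size_t need = user_len + 1 + new_len + 1 + prop_len;
    if (need > out_cap) return -1;
    memcpy(out, key, user_len + 1);                      /* authid and first NUL */
    memcpy(out + user_len + 1, new_realm, new_len + 1);  /* realm and its NUL */
    memcpy(out + user_len + new_len + 2, prop, prop_len);
    return (long)need;
}

int main(void)
{
    unsigned char out[128];
    long n = rekey_realm(SAMPLE_KEY, SAMPLE_KEY_LEN, "old.example.org",
                         "mail.example.net", out, sizeof(out));
    printf("new key length: %ld\n", n);
    return n > 0 ? 0 : 1;
}
```

A migration built on this would work on a copy of the database, write each value under its rewritten key, and refuse to overwrite a record that already exists for the new realm.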