saslauthd -a pam + 'imap' service name = dead saslauthd

Igor Brezac igor at ipass.net
Tue Apr 4 07:48:30 EDT 2006


On Mon, 3 Apr 2006, Igor Brezac wrote:

>
> On Mon, 3 Apr 2006, Jeff Blaine wrote:
>
>> Igor Brezac wrote:
>>> 
>>> Does saslauthd work without afs pam modules?
>> 
>> Yes.
>
> I am positive this is a saslauthd issue.

I meant to say I was not positive this was a saslauthd issue.

-Igor

>
>> 
>>> How did you build saslauthd?
>> 
>> config.status says:
>> 
>> configured by ./configure, generated by GNU Autoconf 2.57, with options 
>> \"'--prefix=/linus/mail/cyrus-2.2.12' '--with-gnu-ld'
>
> You should not use gnu-ld on solaris sparc.  See gcc notes.
>
> -Igor
>
>> '--with-bdb-libdir=/linus/mail/cyrus-2.2.12/lib' 
>> --with-bdb-incdir=/linus/mail/cyrus-2.2.12/include' '--with-pam' 
>> '--disable-gssapi' '--with-plugindir=/linus/mail/cyrus-2.2.12/lib/sasl2' 
>> '--disable-krb4' '--disable-anon' '--with-openssl=/usr/rcf' 
>> '--disable-digest' '--disable-cram' '--disable-checkapop' 
>> '--with-saslauthd=/var/run' '--disable-otp'\"
>> 
>>> -Igor
>>> 
>>> On Mon, 3 Apr 2006, Jeff Blaine wrote:
>>> 
>>>> Yeah... I'd say I am pretty sure.
>>>> 
>>>> http://asg.web.cmu.edu/archive/show.php?mailbox=archive.cyrus-sasl&msg=7727&part=3 
>>>> 10282:    fcntl(6, F_SETLKW, 0xFFBFFA78)    (sleeping...)
>>>> 10282:    fcntl(6, F_SETLKW, 0xFFBFFA78)            = 0
>>>> 10282:    accept(5, 0x000291D6, 0x00029244, 1)        = 7
>>>> ...
>>>> 10282:    fork()                        = 10868
>>>> 10868:    fork()        (returning as child ...)    = 10282
>>>> ...
>>>> 10868:    kill(-10282, SIGTERM)                = 0
>>>> ...
>>>> 10282:    _exit(0)
>>>> 
>>>> Igor Brezac wrote:
>>>>> 
>>>>> Are you sure?  What is your ulimit -a?
>>>>> 
>>>>> -Igor
>>>>> 
>>>>> On Mon, 3 Apr 2006, Jeff Blaine wrote:
>>>>> 
>>>>>> It doesn't dump core.
>>>>>> 
>>>>>> It's exit()ing for some reason.
>>>>>> 
>>>>>> I will see what I can dig up, but apptrace did not work
>>>>>> (recommended by Nico).
>>>>>> 
>>>>>> Igor Brezac wrote:
>>>>>>> 
>>>>>>> Can you get a backtrace?
>>>>>>> 
>>>>>>> -Igor
>>>>>>> 
>>>>>>> On Wed, 29 Mar 2006, Jeff Blaine wrote:
>>>>>>> 
>>>>>>>> Hi Nico,
>>>>>>>> 
>>>>>>>> Comments below.
>>>>>>>> 
>>>>>>>> Nicolas Williams wrote:
>>>>>>>>> On Wed, Mar 29, 2006 at 06:25:01PM -0500, Jeff Blaine wrote:
>>>>>>>>>> Is this a known issue?  What am I doing wrong?
>>>>>>>>>> 
>>>>>>>>>> Solaris 9 SPARC
>>>>>>>>>> Cyrus IMAPd 2.2.12
>>>>>>>>>> Cyrus SASL 2.1.20
>>>>>>>>>> 
>>>>>>>>>> 1.  saslauthd -a pam
>>>>>>>>>> 
>>>>>>>>>> 2.  'imap' used as PAM service name (below snippet).
>>>>>>>>>> 
>>>>>>>>>> RESULT: saslauthd promptly crashes.  Zero logins.
>>>>>>>>>>          Can repeat.
>>>>>>>>>> 
>>>>>>>>>> #------------ BEGIN /etc/pam.conf imap lines ------------------
>>>>>>>>>> imap  auth requisite          pam_authtok_get.so.1
>>>>>>>>>> imap  auth required           pam_dhkeys.so.1
>>>>>>>>>> imap  auth sufficient /usr/lib/security/pam_afs.so.1 ignore_root
>>>>>>>>>> setenv_password_expires
>>>>>>>>>> imap  auth required           pam_unix_auth.so.1
>>>>>>>>>> #------------ END /etc/pam.conf imap lines --------------------
>>>>>>>>>> 
>>>>>>>>>> Attached output from 'truss -f -p <parent_saslauthd_PID>'
>>>>>>>>>> during a connection under the situation above.
>>>>>>>>>> 
>>>>>>>>>> I see nothing interesting :(
>>>>>>>>> 
>>>>>>>>> For one you've truncated the truss, so I one can't tell what file
>>>>>>>>> descriptor 9 is (it's a door, but to what?  nscd I bet).
>>>>>>>> 
>>>>>>>> Hmm.  I'll try again.  Looking at the file I attached, it
>>>>>>>> is not truncated.  It ends where saslauthd exit()s and I
>>>>>>>> get my shell prompt back.
>>>>>>>> 
>>>>>>>> Reattached.
>>>>>>>> 
>>>>>>>>> For another, something's forking, and the child is sendign SIGTERM 
>>>>>>>>> to
>>>>>>>>> the parent for no apparent reason.
>>>>>>>>> 
>>>>>>>>> Try apptrace(1).
>>>>>>>> 
>>>>>>>> apptrace -f -o ~/Private/apptrace.out 
>>>>>>>> /linus/mail/cyrus/sbin/saslauthd -a pam
>>>>>>>> 
>>>>>>>> Gives me: unexpected version 3
>>>>>>>> 
>>>>>>>>> Also, it's not even clear if this is happening in PAM or not; 
>>>>>>>>> apptrace
>>>>>>>>> will help.  Logs would too (add 'debug' to all those PAM modules'
>>>>>>>>> arguments, configure syslog to save debug logs, create the debug 
>>>>>>>>> log,
>>>>>>>>> restart syslogd).
>>>>>>>> 
>>>>>>>> debug info included in pam.log attachment
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>> 
>>>>> 
>>>> 
>>>> 
>>> 
>> 
>> 
>
>

-- 
Igor


More information about the Cyrus-sasl mailing list