saslauthd -a pam + 'imap' service name = dead saslauthd
Nicolas Williams
Nicolas.Williams at sun.com
Wed Mar 29 19:14:17 EST 2006
On Wed, Mar 29, 2006 at 06:25:01PM -0500, Jeff Blaine wrote:
> Is this a known issue? What am I doing wrong?
>
> Solaris 9 SPARC
> Cyrus IMAPd 2.2.12
> Cyrus SASL 2.1.20
>
> 1. saslauthd -a pam
>
> 2. 'imap' used as PAM service name (below snippet).
>
> RESULT: saslauthd promptly crashes. Zero logins.
> Can repeat.
>
> #------------ BEGIN /etc/pam.conf imap lines ------------------
> imap auth requisite pam_authtok_get.so.1
> imap auth required pam_dhkeys.so.1
> imap auth sufficient /usr/lib/security/pam_afs.so.1 ignore_root
> setenv_password_expires
> imap auth required pam_unix_auth.so.1
> #------------ END /etc/pam.conf imap lines --------------------
>
> Attached output from 'truss -f -p <parent_saslauthd_PID>'
> during a connection under the situation above.
>
> I see nothing interesting :(
For one you've truncated the truss, so I one can't tell what file
descriptor 9 is (it's a door, but to what? nscd I bet).
For another, something's forking, and the child is sendign SIGTERM to
the parent for no apparent reason.
Try apptrace(1).
Also, it's not even clear if this is happening in PAM or not; apptrace
will help. Logs would too (add 'debug' to all those PAM modules'
arguments, configure syslog to save debug logs, create the debug log,
restart syslogd).
Nico
--
More information about the Cyrus-sasl
mailing list