saslauthd -a pam + 'imap' service name = dead saslauthd

Nicolas Williams Nicolas.Williams at sun.com
Wed Mar 29 19:14:17 EST 2006


On Wed, Mar 29, 2006 at 06:25:01PM -0500, Jeff Blaine wrote:
> Is this a known issue?  What am I doing wrong?
> 
> Solaris 9 SPARC
> Cyrus IMAPd 2.2.12
> Cyrus SASL 2.1.20
> 
> 1.  saslauthd -a pam
> 
> 2.  'imap' used as PAM service name (below snippet).
> 
> RESULT: saslauthd promptly crashes.  Zero logins.
>          Can repeat.
> 
> #------------ BEGIN /etc/pam.conf imap lines ------------------
> imap  auth requisite          pam_authtok_get.so.1
> imap  auth required           pam_dhkeys.so.1
> imap  auth sufficient /usr/lib/security/pam_afs.so.1 ignore_root
> setenv_password_expires
> imap  auth required           pam_unix_auth.so.1
> #------------ END /etc/pam.conf imap lines --------------------
> 
> Attached output from 'truss -f -p <parent_saslauthd_PID>'
> during a connection under the situation above.
> 
> I see nothing interesting :(

For one you've truncated the truss, so I one can't tell what file
descriptor 9 is (it's a door, but to what?  nscd I bet).

For another, something's forking, and the child is sendign SIGTERM to
the parent for no apparent reason.

Try apptrace(1).

Also, it's not even clear if this is happening in PAM or not; apptrace
will help.  Logs would too (add 'debug' to all those PAM modules'
arguments, configure syslog to save debug logs, create the debug log,
restart syslogd).

Nico
-- 


More information about the Cyrus-sasl mailing list