saslauthd stops working

Dan White dwhite at olp.net
Tue Dec 1 16:18:27 EST 2009


On 01/12/09 14:39 -0600, Cliff Hayes wrote:
>1) how do I join the cyrus-sasl list?

http://cyrusimap.web.cmu.edu/lists.html

>2) I do not have an /etc/saslauthd.conf ... here is the contents of
>/etc/sysconfig/saslauthd:
>
>SOCKETDIR=/var/run/saslauthd
>
>#MECH=pam
>MECH=shadow
>
>FLAGS=
>
>3) Here is my saslauthd-related sendmail config options:
>
>TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
>define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
>
>After sending my help request below, I decided to expand them to:
>
>TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>
>4) where would I put the option to increase threads?  Do you have a
>recommendation for 3200 users?

I don't know that the number of threads is an issue, particularly if you
are using pam or shadow. I would not expect you to need more, but if for
some reason you're hitting a resource limit, you can try changing your
FLAGS= entry in /etc/sysconfig/saslauthd to:

FLAGS="-n 10"

>5) how do I upgrade to 2.1.23 if not listed in yum?  I can't use the
>binaries since I'm using Fedora 11 rpms installed via yum.

You could compile your own, or see if there is a cyrus list within the
Fedora camp that could assist you.

>6) I noticed this on my newer system (2.1.23) ... it says in
>/etc/sysconfig/saslauthd:
>
># Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
>#DAEMONOPTS=--user saslauth
>
>but when I do that and restart saslauthd I get this:
>
>/etc/sysconfig/saslauthd: line 11: saslauth: command not found
>
>line 11 is the DAEMONOPTS=--user saslauth

That appears to be specific to the Fedora init script. I'm guessing there
are missing double quotes around "--user saslauth". You may or may not be
able to read the shadow file with that enabled (depending on the
permissions that you have set on your shadow file).

>-----Original Message-----
>From: Dan White [mailto:dwhite at olp.net]
>Sent: Tuesday, December 01, 2009 11:41 AM
>To: Cliff Hayes
>Cc: cyrus-sasl at lists.andrew.cmu.edu
>Subject: Re: saslauthd stops working
>
>
>On 01/12/09 09:51 -0600, Cliff Hayes wrote:
>>We have 3200 users using a sendmail/dovecot/saslauthd server.  I just
>>upgraded to new hardware and Fedora 11.  Since then saslauthd randomly
>>stops working.  I have tried auth modes of both pam and shadow and that
>>has not helped.  Currently using shadow.
>>
>>This morning users were complaining they could not send mail.  Further
>>research revealed log entries like the following started at 17:48 and
>>continued on till morning for everyone until I did a service saslauthd
>>restart:
>>
>>Nov 30 17:48:29 sendmail saslauthd[1646]: do_auth         : auth failure:
>>[user=sjcca1] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
>>
>>I can find no log entries other than the above so nothing to go on.  The
>>only thing I can see is that 99% of users have no realm in the log entries.
>>Why a few do and most don't is a mystery to me.
>>
>>I am using version 2.1.22 - I have another server which has 2.1.23 so I
>>know a new version is out there.
>>When I run yum update it does not report that a newer version of saslauthd
>>will be installed, so not sure how to get the newer version or if that will
>>help.
>
>Cliff,
>
>I'm moving this discussion to the cyrus-sasl list since it appears to be
>the most appropriate location.
>
>Can you provide your saslauthd configuration or startup options (e.g.
>/etc/default/saslauthd)? Also include your /etc/saslauthd.conf if you have
>one.
>
>Can you provide your sasl related sendmail config?
>
>The existence of a realm may depend on the client implementation.
>
>By default, saslauthd runs with 5 threads. You can increase it with the -n
>option.
>
>Try using testsaslauthd to help troubleshoot when the problem is happening.

-- 
Dan White
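
Added example (not part of the original message, and not the Fedora init script): a sketch of how a POSIX shell parses the unquoted and quoted DAEMONOPTS lines from item 6, assuming the init script reads /etc/sysconfig/saslauthd by sourcing it, as the format of the quoted error suggests. The helper name load_sysconfig and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: what a shell-sourced sysconfig file does with an unquoted
# value containing a space. Sample files are constructed; only the FLAGS and
# DAEMONOPTS lines are taken from the thread.

# Source a sysconfig-style file in a subshell (as an init script would) and
# print the DAEMONOPTS and FLAGS values that result. The exit status is the
# status of the last line of the file.
load_sysconfig() {
    (
        PATH=/nonexistent      # outcome must not depend on a "saslauth" program existing
        unset DAEMONOPTS FLAGS
        rc=0
        . "$1" || rc=$?
        printf 'DAEMONOPTS=[%s] FLAGS=[%s]\n' "${DAEMONOPTS-}" "${FLAGS-}"
        exit "$rc"
    )
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Unquoted: parsed as "run the command saslauth with DAEMONOPTS=--user in its
# environment". The command is not found and DAEMONOPTS is never set.
printf '%s\n' 'MECH=shadow' 'FLAGS="-n 10"' \
    'DAEMONOPTS=--user saslauth' > "$tmp/unquoted"

# Quoted: a single assignment whose value contains the space.
printf '%s\n' 'MECH=shadow' 'FLAGS="-n 10"' \
    'DAEMONOPTS="--user saslauth"' > "$tmp/quoted"

for f in unquoted quoted; do
    if out=$(load_sysconfig "$tmp/$f"); then
        status=ok
    else
        status="failed (exit $?)"
    fi
    printf '%-9s %s -> %s\n' "$f" "$out" "$status"
done
```

In the unquoted case the shell's "not found" message goes to stderr and DAEMONOPTS stays empty, so the daemon would be started without the option at all.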

