saslauthd & PAM??

omalleys at msu.edu omalleys at msu.edu
Mon Nov 28 10:20:43 EST 2011


Off the top of my head and i'm not sure this is the same bug, you  
might try I think it is the flag -n1 or -n0, you may need to limit the  
number of threads for the process to 1.

sysconfig/saslauthd:
FLAGS=-n1

If that doesn't work and upgrading does, file a bug with on the fedora  
bugtracker so they fix it in the distribution.


Quoting Jeffrey Ross <jeff at bubble.org>:

> On 11/25/2011 06:16 PM, jeff at bubble.org wrote:
>> John,
>>
>> It was worth a shot but I just checked, my version of saslauthd was not
>> compiled to use sasldb as an authentication method:
>>
>> # /usr/sbin/saslauthd -v
>> saslauthd 2.1.23
>> authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
>>
>> Thanks,
>> Jeff
>>
>>> Jeff,
>>>
>>> Perhaps try sasldblistusers2 to check your user database?
>>>
>>> - John Wright
>>> Starfire Research
>>>
>>> On 11/25/2011 4:28 PM, jeff at bubble.org wrote:
>>>> I'm running a Fedora 16 system, recently upgraded from Fedora 15 and I
>>>> am
>>>> unable to get saslauthd to authenticate users.
>>>>
>>>> What I have been able to figure out so far is that the parameters are
>>>> being passed to saslautd (eg testsaslauthd -u username -p password -s
>>>> smtp) but saslauthd appears to simply sit on the request, running a
>>>> strace
>>>> -f -p xxxx on the saslauthd process I can see my username and password
>>>> sitting there but that's it, its just sitting there.
>>>>
>>>> output from strace:
>>>> fcntl(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0,
>>>> len=1}{sa_family=AF_FILE, NULL}, [2]) = 7
>>>> fcntl(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=1}) = 0
>>>> ) = 0
>>>> accept(5, read(7, "\0\4", 2)                      = 2
>>>> read(7, "username", 4)                  = 4
>>>> read(7, "\0\6", 2)                      = 2
>>>> read(7, "passwd", 6)                    = 6
>>>> read(7, "\0\4", 2)                      = 2
>>>> read(7, "smtp", 4)                      = 4
>>>> read(7, "\0\0", 2)                      = 2
>>>> read(7,
>>>>
>>>> I think this means that testsaslauthd is passing the query to saslauthd
>>>> correctlybut saslauthd for whatever reason isn't contacting PAM
>>>> properly.
>>>>
>>>> sysconfig/saslauthd:
>>>>
>>>> SOCKETDIR=/var/run/saslauthd
>>>> MECH=pam
>>>> FLAGS=
>>>>
>>>> /etc/pam.d/smtp:
>>>>
>>>> #%PAM-1.0
>>>> auth		include		password-auth
>>>> account		include		password-auth
>>>>
>>>>
>>>> selinux is disabled
>>>>
>>>> I'm probably missing something pretty simple but not sure where to look,
>>>> suggestions would be appreciated.
>>>>
>>>> Thanks, Jeff
>>>>
>>>>
>>>>
> It looks like the supplied version of saslauthd on Fedora 16 is  
> simply broken, a recompile with 2.1.25 worked with no issues.
>
> Thanks, Jeff
>






More information about the Cyrus-sasl mailing list