cyrus hanging (possible saslauthd problem)

Colin Bruce ccx004 at coventry.ac.uk
Wed May 26 15:44:42 EDT 2004 

Dear All,

We have been running cyrus imap for a couple of months now and it works well
most of the time. We have something like 20,000 registered users with around
800 simultaneous users most of the day. Lately we have noticed a strange
problem which we suspect might be saslauthd but might not. I thought it
might be worth asking if anyone else has seen this.

The facts are:

    cyrus imap 2.2.3
    saslauthd  2.1.8

We are currently using /etc/shadow so saslauthd only supports

    root at imap2: /usr/local/sbin/saslauthd -v
    saslauthd 2.1.18
    authentication mechanisms: getpwent rimap shadow

We are running on a Linux server

    root at imap2: uname -a
    Linux imap2 2.4.25 #1 SMP Thu Apr 15 21:58:02 BST 2004 i686 unknown unknown GNU/Linux

The symptoms depend on the e-mail client. However, I think pine shows it
best.

I can login and read e-mail quite happily most of the time. However,
sometimes it accepts my username and password and then says "opening inbox"
for ever. Usually, while this is in progress a message will flash up about
an untagged response. However, it is not visible long enough to see what
the message is about. In any event it will never open the inbox. We have
noticed that this is accompanied by a message in the auth file that
saslauthd writes failures to such as:

    May 26 20:31:29 imap2 saslauthd[6296]: do_auth : auth failure: [user=tellingj] [service=imap] [realm=] [mech=shadow] [reason=Unknown]

This happens even when the password that was typed in was correct.

We have also noticed that if this is happening then it does it for most (if
not all) people. However, after a minute or two it stops again and everything
is fine for a little while.

If the same thing happens with other clients the behaviour may vary. For
example, Netscape just reports an incorrect password immediately and continues
to do so each time the person tries to enter the password for a few minutes.
After a minute or two of this it works fine again.

What I am not sure about is whether it is happening every so often or
whether I am seeing it every so often and others are seeing the same thing
at different times.

Has anyone seen this type of thing before? Does anyone know how to fix it?
Could it be a locking thing? Is there some resource that is being dead locked?

We will be moving to Kerberos in the not too distant future but if there is
a quick and easy fix now I would be most grateful.

Best wishes....
Colin Bruce


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list