cyrus-imapd/sasl on MacOS X 10.3.8: hang

Charles Bailey bailey.charles at gmail.com
Sun Apr 10 13:10:14 EDT 2005 

On Mar 17, 2005 1:12 PM, Charles Bailey <bailey.charles at gmail.com> wrote:

Some follow-up info, in case it triggers a thought . . .

> OS: Darwin my.host.name 7.8.0 Darwin Kernel Version 7.8.0: Wed Dec 22
> 14:26:17 PST 2004; root:xnu/xnu-517.11.1.obj~1/RELEASE_PPC  Power
> Macintosh powerpc
> 
> Prior services running (for some time without problems): OpenSSH, Apache, MySQL

Using Apple-supplied SASLv2 libs with C headers and saslauthd built from
cyrus-sasl 2.1.20 distribution 
saslauthd started with -a pam -n0; testsaslauthd runs fine


Built cyrus imapd 2.2.12 from source (hacking config* to treat 
'Darwin' like 'Rhapsody' and
various C source files to skip sys/msg.h) with
    ./configure --with-pidfile=/var/run/cyrus/cyrus-master.pid \
       --with-cyrus-prefix=/usr/local/cyrus \
       --with-cyrus-user=cyrus --with-cyrus-group=mail \
       --enable-listext --enable-gssapi \
       --with-bdb=/usr/local/BerkeleyDB.4.3/ --with-openssl \
       --with-sasl=/usr \
       --with-perl=/usr/local/bin/perl --with-libwrap --without-snmp
and symlinked /usr/cyrus to /usr/local/cyrus.
Cyrus master running imaps, pop3s, sieve, and imap to 127.0.0.1. 
Cyrus imapd working out of /var/imap; imapd.conf includes
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: plain
still not actually delivering any mail to it.  i mtest -t '' -u bailey
works fine.

Built sendmail 8.3.14 from source with (among other things):
    APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
    APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
    APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL=2')
    define(`confSHAREDLIB_EXT',`.dylib')
    APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
 /usr/lib/sasl2/Sendmail.conf is:
    pwcheck_method: saslauthd
    mech_list: plain
smtptest -t '' -u bailey works fine.

I was able to run sendmail and saslauthd (with no incoming mail other
than the nightly cron job output) for about 3 days with no apparent
problems, then started cyrus daemons.  About 12 hours later, the
problem struck again:

>  the system "hangs": can't
> authenticate, can't establish new ssh session or open new terminal
> window on console, can't execute commands like "top" or "ps uax"
> (though "ps" fine) in existing terminal session, can display static
> web page, can do most things in programs already open on console, but
> can't launch new ones.  Probem clears only with hard reboot.

There's a little more info in the logs this time:
imapd.log continues to have checkpoint messages from cyrus for the ~6
hours between the symptoms appearing and the reboot.  No messages in
secure.log or auth.log.  In system log, I see messages from cyrus
about checkpointing up to the time of the hang only.  This is
fiollowed by a block of garbage:

402 NULs
iamVjdACF
hAErHE5TTmF2RGlzcGxheU5hbWVGaWxlUHJvcGVydHmG                          
            </data>
<string>225</string>
<data>                                                                
            BAt0eXBlZHN0cmVhbYED6IQBQISEhAhOU1N0cmluZwGEhAhOU09iamVjdACF
                      hAErGE5TTmF2TW9kRGF0ZUZpbGVQcm9wZXJ0eYY=
</data>
<string>117</string>
</array>
<key>NSTableView Sort Ordering NSNavOutlineColumnSettings.v1</key>
<array>
<data>                                                                
            BAt0eXBlZHN0cmVhbYED6IQBQISEhAhOU1N0cmluZwGEhAhOU09iamVjdACF
                      hAErHE5TTmF2RGlzcGxheU5hbWVGaWxlUHJvcGVydHmG    
                                  </data>
<true/>
</array>
<key>NSWindow Frame NavigatorWindow</key>
<string>187 166 800 798 0 0 1280 1002 </string>
</dict>
</plist> 
1778 NULs
then the syslog startup message from the reboot.

secure.log has nothing from about 4 hours before the freeze until the
reboot, when I see

Apr 10 05:59:58 localhost com.apple.SecurityServer: Entering service
Apr 10 09:15:58 localhost com.apple.SecurityServer: Engine::authorize:
Rule::evalu\ate returned -60008 returning errAuthorizationInternal

 and sure enough, after the reboot, the machine dropped into the
console from loginwindow.  If I reboot again after copying the logs,
all is well.

(Actually, I initially saw two error messages, the first noting the
-60008 error, and the second from loginwindow stating that an
AuthorizationRef had no associated username.  To my shock, both the
original and a copy (with a different inode) now have the back end of
the error partially overwritten with the "AuthorizationInternal" above
and then subsequent normal log messages.)

I'm still baffled about the cause of the problem, though now I'm
starting to wonder whether there's something up with the disk cache or
driver, given the scribbling of what looks like a prefs fragment into
the syslog, and the odd persistence of a bad AuthorizationRef across a
reboot (???).

Does this make sense to anyone, or should I just trash the whole
system and reinstall from CD?


-- 
Regards,
Charles Bailey
Lists: bailey _dot_ charles _at_ gmail _dot_ com
Other: bailey _at_ newman _dot_ upenn _dot_ edu
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list