cyrus-imapd/sasl on MacOS X 10.3.8: hang vs fail?

Charles Bailey bailey.charles at
Thu Mar 17 12:12:15 EST 2005

I'm trying to set up a small mail service on a machine running OS X
10.3.8 (not Server; it's a small operation), and have run into several
problems.  I'm posting a summary to both the Cyrus and Darwin lists in
the hope that someone more knowledgeable than I will have been over
this ground, or at least be able to point me in the right direction. 

OS: Darwin 7.8.0 Darwin Kernel Version 7.8.0: Wed Dec 22
14:26:17 PST 2004; root:xnu/xnu-517.11.1.obj~1/RELEASE_PPC  Power
Macintosh powerpc

Prior services running (for some time without problems): OpenSSH, Apache, MySQL

First try:
Built cyrus SASL 2.1.20 from source with 
./configure --enable-static --enable-shared  --with-pam=/usr --with-openssl \
    --with-saslauthd=/var/run/saslauthd  --with-mysql=/usr/local \
    --with-dbpath=/usr/local/etc/sasldb  --with-plugindir=/usr/local/lib/sasl2
Built cyrus imapd 2.2.12 from source (hacking config* to treat
'Darwin' like 'Rhapsody' and
various C source files to skip sys/msg.h) with
./configure --with-pidfile=/var/run/cyrus/
--with-cyrus-prefix=/usr/local/cyrus \
    --with-cyrus-user=cyrus --with-cyrus-group=mail  --enable-listext
--enable-gssapi \
    --with-bdb=/usr/local/BerkeleyDB.4.3/ --with-openssl  
    --with-perl=/usr/local/bin/perl --with-libwrap --without-snmp
Built sendmail 8.3.13 from source with (among other things):
   APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')
   APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
   APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL=2')
   APPENDDEF(`conf_sendmail_LIBS', `-L/usr/local/lib -lsasl2')
Installed alll of above, with
/usr/local/lib/sasl2/(Sendmail|Cyrus).conf reading:
pwcheck_method: saslauthd
and saslauthd -a pam started, and /etc/pam.d/(smtp|imap) identical to login
This starts fine, and smtptest and imtest using PLAIN over TLS
authenticates successfully using "regular" password.  However, after
the third or fourth login attempt, the system "hangs": can't
authenticate, can't establish new ssh session or open new terminal
window on console, can't execute commands like "top" or "ps uax"
(though "ps" fine) in existing terminal session, can display static
web page, can do most things in programs already open on console, but
can't launch new ones.  Probem clears only with hard reboot.  No error
messages in system.log, auth.log, mail.log, imap.log.  This has the
feel of a deadlock or resource leak, perhaps around PAM, since ssh and
various OS X services are affected, but I'm not sure where to look

Second try (thinking perhaps having 2 sets of sasl libraries around
made for some collisions):
Removed installed /usr/local/lib/sasl2/*
Built saslauthd only from cyrus SASL 2.1.20  with 
./configure --enable-static --enable-shared  --with-pam=/usr --with-openssl \
    --with-saslauthd=/var/run/saslauthd  --with-mysql=/usr/local \
    --with-dblib=berkeley --disable-anonymous --without-gdbm --disable-otp 
at top level, but only building in saslauthd
Built cyrus imapd 2.2.12 from source (hacking config* to treat
'Darwin' like 'Rhapsody',
various C source files to skip sys/msg.h, and version.c to skip call
to sasl_version(), which is missing in libsasl supplied with OS X)
./configure --with-pidfile=/var/run/cyrus/
--with-cyrus-prefix=/usr/local/cyrus \
    --with-cyrus-user=cyrus --with-cyrus-group=mail  --enable-listext
--enable-gssapi \
    --with-bdb=/usr/local/BerkeleyDB.4.3/ --with-openssl   --with-sasl=/usr
    --with-perl=/usr/local/bin/perl --with-libwrap --without-snmp
Built sendmail 8.3.13 with same config as above
Installed new binaries, moved (Sendmail|Cyrus).conf to /usr/lib/sasl2,
started saslauthd then sendmail or cyrus-master, but 'imaptest -t ""
-m plain -u bailey' fails with
Mar 17 09:27:59 localhost saslauthd[448]: get_accept_lock : acquired accept lock
Mar 17 09:29:29 localhost imap[468]: auxpropfunc error -1 
Mar 17 09:29:29 localhost imap[468]: _sasl_plugin_load failed on
sasl_auxprop_plug_init for plugin: uxprop
Mar 17 09:29:35 localhost imap[468]: unknown password verifier 
Mar 17 09:29:35 localhost imap[468]: Password verification failed

I'm guessing this latter error has to do with behavior of the
Apple-supplied libsasl2 and plugins, but looking over the source from
opendarwin hasn't given me much of a clue yet.

Does this look familiar to anyone?  Pointers to TFM/TFS/TFWeb welcome.
 I'm also happy to supply more info if it'd be useful;I didn't want to
litter the lists with yet more log droppings.

Thanks for any help you can offer.

Charles Bailey
Lists: bailey _dot_ charles _at_ gmail _dot_ com
Other: bailey _at_ newman _dot_ upenn _dot_ edu
Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list