- Previous message: Hajimu UMEMOTO: "Re: FreeBSD install using ports"
- In reply to: ms419 at freezone dot co dot uk: "Re: saslauthd and pam_krb5"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Jeremy Rumpf (jrumpf at heavyload dot net)
Date: Sat Mar 13 2004 - 15:50:52 EST
On Friday 12 March 2004 05:16 am, ms419 at freezone dot co dot uk wrote:
> Unfortunately, saslauthd doesn't perform normally, as expected: It
> fails to authenticate and dies:
>
> ---
>
> tor:~# ps aux | grep saslauthd
> root 12923 0.0 0.5 5868 1456 ? S Mar11 0:00
> /usr/sbin/saslauthd -a pam
> root 19872 0.0 0.1 1536 456 pts/1 S 02:08 0:00 grep sasl
>
> ---
>
> Mar 12 02:08:24 tor imap(pam_unix)[12926]: check pass; user unknown
> Mar 12 02:08:24 tor imap(pam_unix)[12926]: authentication failure;
> logname= uid=0 euid=0 tty= ruser= rhost=
> Mar 12 02:08:24 tor krb5kdc[607]: AS_REQ (6 etypes {16 5 23 3 2 1})
> 192.168.103.158: NEEDED_PREAUTH: jablko at LAT for krbtgt/LAT at LAT,
> Additional pre-authentication required
> Mar 12 02:08:25 tor krb5kdc[607]: AS_REQ (6 etypes {16 5 23 3 2 1})
> 192.168.179.81: ISSUE: authtime 1079086105, etypes {rep=16 tkt=16
> ses=16}, jablko at LAT for krbtgt/LAT at LAT
> Mar 12 02:08:25 tor saslauthd[12923]: ipc_loop : socket accept
> failure
> Mar 12 02:08:25 tor saslauthd[12923]: ipc_loop : accept:
> Interrupted system call
> Mar 12 02:08:25 tor cyrus/imapd[19878]: size read failed
>
> ---
>
> tor:~# ps aux | grep sasl
> root 19885 0.0 0.1 1536 456 pts/1 S 02:10 0:00 grep sasl
>
> ---
>
> So, I think I'm supposed to use the kerberos5 mechanism instead, but
> I'd like to use my PAM stack - and I haven't found a clear explanation
> of why saslauthd and pam_krb5 don't play nice ...
>
> Thanks,
>
> Jack
>
>
Ok, the socket accept thing is probably a red herring. That's the current
saslauthd accept caller trapping a signal (probably SIGCHLD) , which is
probably due to the previous accept caller getting a SIGSEGV or something
nasty. Notice the pids, process in PAM is 12926, the accept() error is 12923.
Can you recompile saslauthd with debug information (gcc -g) and get a core
dump. You might need to set a ulimit in your startup script.
ulimit -c unlimited or something
If you can't recompile, set the ulimit and then run it from the command line
in debug mode with something like:
saslauthd -d -V <other options>
If you can get a core file, send it to me offline with whatever additional
information on your setup.
FWIW, every investigation I've done on saslauthd/PAM the problem has been in
the PAM libs and not saslauthd. PAM can be shakey...
Cheers,
Jeremy
|
|
|