From: Rob Siemborski (no email)
Date: Tue Dec 21 2004 - 13:51:27 EST
On Mon, 13 Dec 2004, David Lee wrote:
> System: Linux Redhat Fedora Core 2. Includes:
> sendmail-8.12.11-4.6
> cyrus-sasl-md5-2.1.18-2.2
> cyrus-sasl-2.1.18-2.2
> cyrus-sasl-devel-2.1.18-2.2
> cyrus-sasl-plain-2.1.18-2.2
>
> I have just tried sendmail STARTTLS operation on this. So I adjust
> "/etc/sysconfig/saslauthd" to use "pam" (our users are in NIS, with the
> passwords in Active Directory):
> /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
> (and I see 5 such processes).
>
> It runs for a while, successfully authenticating TLS connections. Then
> something happens (no idea what), and sendmail no longer authenticates.
> Upon investigation most, or all, of these "saslauthd" processes have
> disappeared (crashed? null-pointer-like?). A "service saslauthd restart"
> fixes it.
>
> Does this ring any bells? Are there known sendmail/sasl interaction
> problems (which only kick in after a time) on Redhat FC2?
>
> I see that the next version of Redhat, namely, FC3 offers versions
> of cyrus-sasl numbered 2.1.19-3. Do these fix known bugs (crashes?) in
> this area?
PAM modules are notoriously badly written; it wouldn't surprise me if they
were leaking memory, file descriptors, or crashing altogether. You don't
normally notice it because most pam-using applications are one-shot, while
saslauthd is long running.
> If I'm going to have to debug this, any suggestions of what options to
> turn on ("-d"? syslog things?) to pursue it?
-n 0 is likely to "solve" your problem, at a performance penalty.
The real answer is to contact the author of your pam module and have them
stress test it a bit.
-Rob
---------------------------------------------------------------------
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper
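
An added example, not part of the original message or of Cyrus SASL: one way to check whether long-running saslauthd workers are leaking file descriptors or memory, or disappearing, by polling /proc on Linux. The function names, the growth thresholds and the sample data are assumptions made for illustration.

```python
import os
import re

def snapshot(proc_root="/proc", name="saslauthd"):
    """Return {pid: (open_fds, rss_kb)} for each live process named `name`.
    Run as root: /proc/<pid>/fd of another user's process is not readable."""
    out = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "status")) as fh:
                status = fh.read()
            if not re.search(r"^Name:\s+%s$" % re.escape(name), status, re.M):
                continue
            rss = re.search(r"^VmRSS:\s+(\d+) kB", status, re.M)
            fds = len(os.listdir(os.path.join(base, "fd")))
        except OSError:  # process exited mid-read, or permission denied
            continue
        out[int(entry)] = (fds, int(rss.group(1)) if rss else 0)
    return out

def analyse(snapshots, fd_growth=8, rss_growth_kb=4096):
    """Flag workers that vanished, or whose fd count / RSS never fell and
    grew by at least the (assumed) thresholds across the series."""
    findings = {"vanished": [], "fd_leak": [], "rss_leak": []}
    for pid in sorted(snapshots[0]):
        if pid not in snapshots[-1]:
            findings["vanished"].append(pid)
            continue
        series = [s[pid] for s in snapshots if pid in s]
        for idx, key, limit in ((0, "fd_leak", fd_growth), (1, "rss_leak", rss_growth_kb)):
            vals = [v[idx] for v in series]
            if all(b >= a for a, b in zip(vals, vals[1:])) and vals[-1] - vals[0] >= limit:
                findings[key].append(pid)
    return findings

# Constructed sample: three polls of three workers (pid: (fds, rss_kb)).
SAMPLE = [
    {101: (12, 2100), 102: (12, 2080), 103: (12, 2090)},
    {101: (19, 2100), 102: (12, 4200), 103: (13, 2110)},
    {101: (27, 2150), 102: (11, 7300)},
]

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

On a live host, collect snapshot() at intervals while authentication traffic is flowing and pass the list to analyse().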