Re: saslauthd stops working

On 01/12/09 14:39 -0600, Cliff Hayes wrote:
1) how do I join the cyrus-sasl list?

http://cyrusimap.web.cmu.edu/lists.html

2) I do not have an /etc/saslauthd.conf ... here are the contents of
/etc/sysconfig/saslauthd:

SOCKETDIR=/var/run/saslauthd

#MECH=pam
MECH=shadow

FLAGS=

3) Here are my saslauthd-related sendmail config options:

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

After sending my help request below, I decided to expand them to:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

4) where would I put the option to increase threads?  Do you have a
recommendation for 3200 users?

I don't know that the number of threads is an issue, particularly if you
are using pam or shadow. I would not expect you to need more, but if for
some reason you're hitting a resource limit, you can try changing your
FLAGS= entry in /etc/sysconfig/saslauthd to:

FLAGS="-n 10"

5) how do I upgrade to 2.1.23 if not listed in yum?  I can't use the
binaries since I'm using Fedora 11 rpms installed via yum.

You could compile your own, or see if there is a cyrus list within the
Fedora camp that could assist you.

6) I noticed this on my newer system (2.1.23) ... it says in
/etc/sysconfig/saslauthd:

# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
#DAEMONOPTS=--user saslauth

but when I do that and restart saslauthd I get this:

/etc/sysconfig/saslauthd: line 11: saslauth: command not found

line 11 is the DAEMONOPTS=--user saslauth

That appears to be specific to the Fedora init script. I'm guessing there
are missing double quotes around "--user saslauth". You may or may not be
able to read the shadow file with that enabled (depending on the
permissions that you have set on your shadow file).

-----Original Message-----
From: Dan White [mailto:dwhite@xxxxxxx]
Sent: Tuesday, December 01, 2009 11:41 AM
To: Cliff Hayes
Cc: cyrus-sasl@xxxxxxxxxxxxxxxxxxxx
Subject: Re: saslauthd stops working


On 01/12/09 09:51 -0600, Cliff Hayes wrote:
We have 3200 users using a sendmail/dovecot/saslauthd server.  I just
upgraded to new hardware and Fedora 11.  Since then saslauthd randomly stops
working.  I have tried auth modes of both pam and shadow and that has not
helped.  Currently using shadow.

This morning users were complaining they could not send mail.  Further
research revealed log entries like the following started at 17:48 and
continued on till morning for everyone until I did a service saslauthd
restart:

Nov 30 17:48:29 sendmail saslauthd[1646]: do_auth         : auth failure:
[user=sjcca1] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]

I can find no log entries other than the above so nothing to go on.  The
only thing I can see is that 99% of users have no realm in the log entries.
Why a few do and most don't is a mystery to me.

I am using version 2.1.22 - I have another server which has 2.1.23 so I know
a new version is out there.
When I run yum update it does not report that a newer version of saslauthd
will be installed, so not sure how to get the newer version or if that will
help.

Cliff,

I'm moving this discussion to the cyrus-sasl list since it appears to be
the most appropriate location.

Can you provide your saslauthd configuration or startup options (e.g.
/etc/default/saslauthd)? Also include your /etc/saslauthd.conf if you have
one.

Can you provide your sasl related sendmail config?

The existence of a realm may depend on the client implementation.

By default, saslauthd runs with 5 threads. You can increase it with the -n
option.

Try using testsaslauthd to help troubleshoot when the problem is happening.

--
Dan White
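
The `saslauth: command not found` error from item 6, reproduced as an added example that is not part of the original thread or of the Fedora init script. It assumes the sysconfig file is read by a POSIX shell with `.`; the two sample files and the temporary directory are constructed.

```shell
#!/bin/sh
# Constructed sample files mirroring the two forms discussed in the thread.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/unquoted" <<'EOF'
MECH=shadow
DAEMONOPTS=--user saslauth
EOF

cat > "$workdir/quoted" <<'EOF'
MECH=shadow
DAEMONOPTS="--user saslauth"
EOF

# Source a sysconfig-style file in a subshell and print the DAEMONOPTS
# value the shell ends up with. Anything the shell complains about while
# reading the file is saved to "<file>.err".
load_daemonopts() {
    (
        unset DAEMONOPTS
        # Unquoted form parses as: run the command "saslauth" with
        # DAEMONOPTS=--user set only in that command's environment.
        . "$1" 2>"$1.err" || true
        printf '%s' "${DAEMONOPTS:-}"
    )
}

for f in unquoted quoted; do
    value=$(load_daemonopts "$workdir/$f")
    printf '%-9s DAEMONOPTS=[%s] stderr=[%s]\n' \
        "$f" "$value" "$(cat "$workdir/$f.err")"
done
```

With the unquoted line the variable is left unset after the file is read, so the daemon would be started without the `--user` option at all, in addition to the error message.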
