Bug#286046: exim4 cannot connect to saslauthd
Klaus Schiwinsky
Klaus.Schiwinsky@uni-koeln.de, 286046@bugs.debian.org
Fri, 17 Dec 2004 05:39:49 +0100
Package: exim4
Version: 4-34.8
If the authenticator plain_saslauthd in /etc/exim4/exim4.conf.template
is activated, authentication does not work and the following message
shows up in /var/log/exim4/mainlog:

    2004-12-17 03:57:40 plain_saslauthd authenticator failed for
    ([172.24.0.1]) [172.24.0.1]: 435 Unable to authenticate at present
    (set_id=kinsky): cannot connect to saslauthd daemon at
    /var/run/saslauthd/mux: Permission denied

This is correct as the following output documents:

    laudanum:/# ls -ld /var/run/saslauthd/
    drwx--x--- 2 root sasl 4096 Dec 17 04:15 /var/run/saslauthd/
    laudanum:/# id Debian-exim
    uid=103(Debian-exim) gid=103(Debian-exim) groups=103(Debian-exim)

BTW: The o=rwx rights to mux are useless as they cannot be used
without the corresponding directory rights:

    laudanum:/# ls -l /var/run/saslauthd/
    srwxrwxrwx 1 root root 0 Dec 17 04:15 mux
    -rw------- 1 root root 0 Dec 17 04:15 mux.accept
    -rw------- 1 root root 5 Dec 17 04:15 saslauthd.pid

Possible solutions:

1. Make Debian-exim a member of group sasl

   This is the "cyrus solution"; cyrus is right now the only
   member of sasl. The sasl group is only used in two places:

    laudanum:/# find / -group sasl
    /var/run/saslauthd
    /etc/sasldb2

   But there is a small catch in this solution:
   It would allow Debian-exim to write to /etc/sasldb2.

    laudanum:/# l /etc/sasldb2
    -rw-rw---- 1 root sasl 12288 Oct 31 17:52 /etc/sasldb2

2. chown o+x /var/run/saslauthd

   This would allow Debian-exim to write to mux - and anybody
   else who knows the filename.
   At least this would make the o=rwx rights to mux useful.

3. ???

Greetings
Klaus Schiwinsky
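
The trade-off between the two proposed fixes can be checked with a small model of the classic Unix permission test. This is an added example, not part of the original report or of exim4/saslauthd; the modes, owners and uid 103 are taken from the listings above, while the numeric sasl gid, the unrelated account and all function names are constructed, and it assumes Linux semantics (search permission on the directory plus write permission on the socket to connect), no ACLs, and non-root users.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1

@dataclass(frozen=True)
class Node:
    mode: int  # permission bits only, e.g. 0o710
    uid: int
    gid: int

@dataclass(frozen=True)
class User:
    uid: int
    gids: frozenset

def allowed(node, user, want):
    # Exactly one class applies: owner, else group, else other.
    if user.uid == node.uid:
        bits = node.mode >> 6
    elif node.gid in user.gids:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return ((bits & 7) & want) == want

def can_connect(directory, sock, user):
    # connect() needs search (x) on the directory and write (w) on the socket.
    return allowed(directory, user, X) and allowed(sock, user, W)

SASL_GID = 45  # constructed; the report does not show the numeric gid
run_dir = Node(0o710, 0, SASL_GID)   # drwx--x--- root sasl
mux = Node(0o777, 0, 0)              # srwxrwxrwx root root
sasldb2 = Node(0o660, 0, SASL_GID)   # -rw-rw---- root sasl
exim = User(103, frozenset({103}))   # uid=103(Debian-exim)
other_user = User(1000, frozenset({1000}))  # constructed unrelated account

def evaluate():
    exim_in_sasl = User(103, frozenset({103, SASL_GID}))  # option 1
    dir_o_x = Node(0o711, 0, SASL_GID)                    # option 2: o+x on the directory
    return {
        "current_exim_connect": can_connect(run_dir, mux, exim),
        "opt1_exim_connect": can_connect(run_dir, mux, exim_in_sasl),
        "opt1_exim_writes_sasldb2": allowed(sasldb2, exim_in_sasl, W),
        "opt2_exim_connect": can_connect(dir_o_x, mux, exim),
        "opt2_exim_writes_sasldb2": allowed(sasldb2, exim, W),
        "opt2_any_user_connect": can_connect(dir_o_x, mux, other_user),
    }

if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value}")
```

Option 1 fixes the connection but also grants write access to /etc/sasldb2; option 2 leaves sasldb2 protected but opens the socket to every local account.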