Bug#286046: marked as done (exim4 cannot connect to saslauthd)
Debian Bug Tracking System
owner@bugs.debian.org
Tue, 21 Dec 2004 12:33:13 -0800
Your message dated Tue, 21 Dec 2004 21:22:21 +0100
with message-id <20041221202221.GM2374@downhill.at.eu.org>
and subject line Bug#286046: exim4 cannot connect to saslauthd
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Dec 2004 04:39:47 +0000
>From Klaus.Schiwinsky@uni-koeln.de Thu Dec 16 20:39:47 2004
Return-path: <Klaus.Schiwinsky@uni-koeln.de>
Received: from mail1.rrz.uni-koeln.de [134.95.100.208]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cf9u6-0007yZ-00; Thu, 16 Dec 2004 20:39:46 -0800
Received: from [80.141.175.129] (p508DAF81.dip.t-dialin.net [80.141.175.129])
(authenticated as user acp61 bits=0)
by mail1.rrz.Uni-Koeln.DE (8.13.1/8.13.1) with ESMTP id iBH4dWp8028501
(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT)
for <submit@bugs.debian.org>; Fri, 17 Dec 2004 05:39:44 +0100 (MET)
Message-ID: <41C26315.9070901@uni-koeln.de>
Date: Fri, 17 Dec 2004 05:39:49 +0100
From: Klaus Schiwinsky <Klaus.Schiwinsky@uni-koeln.de>
Reply-To: Klaus.Schiwinsky@uni-koeln.de
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041007 Debian/1.7.3-5
X-Accept-Language: de, fr, eo, en
MIME-Version: 1.0
To: submit@bugs.debian.org
Subject: exim4 cannot connect to saslauthd
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
X-Scanned-By: MIMEDefang 2.48 on 134.95.19.44
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: exim4
Version: 4-34.8
If the authenticator plain_saslauthd in /etc/exim4/exim4.conf.template
is activated, authentication does not work and the following message
shows up in /var/log/exim4/mainlog:
2004-12-17 03:57:40 plain_saslauthd authenticator failed for
([172.24.0.1]) [172.24.0.1]: 435 Unable to authenticate at present
(set_id=kinsky): cannot connect to saslauthd daemon at
/var/run/saslauthd/mux: Permission denied
This is correct as the following output documents:
laudanum:/# ls -ld /var/run/saslauthd/
drwx--x--- 2 root sasl 4096 Dec 17 04:15 /var/run/saslauthd/
laudanum:/# id Debian-exim
uid=103(Debian-exim) gid=103(Debian-exim) groups=103(Debian-exim)
BTW: The o=rwx rights to mux are useless as they cannot be used
without the corresponding directory rights:
laudanum:/# ls -l /var/run/saslauthd/
srwxrwxrwx 1 root root 0 Dec 17 04:15 mux
-rw------- 1 root root 0 Dec 17 04:15 mux.accept
-rw------- 1 root root 5 Dec 17 04:15 saslauthd.pid
Possible solutions:
1. Make Debian-exim member of group sasl
This is the "cyrus solution" which is right now the only
member of sasl. The sasl group is only used in two places:
laudanum:/# find / -group sasl
/var/run/saslauthd
/etc/sasldb2
But there is a small catch in this solution:
It would allow Debian-exim to write to /etc/sasldb2.
laudanum:/# l /etc/sasldb2
-rw-rw---- 1 root sasl 12288 Oct 31 17:52 /etc/sasldb2
2. chown o+x /var/run/saslauthd
This would allow Debian-exim to write to mux - and anybody
else who knows the filename.
At least, this would make useful the o=rwx rights to mux.
3. ???
Greetings
Klaus Schiwinsky
---------------------------------------
Received: (at 286046-done) by bugs.debian.org; 21 Dec 2004 20:22:20 +0000
>From ametzler@downhill.at.eu.org Tue Dec 21 12:22:20 2004
Return-path: <ametzler@downhill.at.eu.org>
Received: from m26s25.vlinux.de [83.151.30.59] ([Qxgk+Ynm2C+o+TH//uNEczGF0AE/90Q8])
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CgqWS-0006S3-00; Tue, 21 Dec 2004 12:22:20 -0800
Received: from m-134-246.adsl.univie.ac.at ([131.130.134.246])
by m26s25.vlinux.de with asmtp (Exim 4.34)
id 1CgqWw-0004Hj-D4
for 286046-done@bugs.debian.org; Tue, 21 Dec 2004 20:22:50 +0000
Received: from ametzler by downhill.univie.ac.at with local (cert-ver=0) (Exim 4.34)
id 1CgqWT-0004zf-1O
for 286046-done@bugs.debian.org; Tue, 21 Dec 2004 21:22:21 +0100
Date: Tue, 21 Dec 2004 21:22:21 +0100
From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: 286046-done@bugs.debian.org
Subject: Re: Bug#286046: exim4 cannot connect to saslauthd
Message-ID: <20041221202221.GM2374@downhill.at.eu.org>
References: <41C26315.9070901@uni-koeln.de> <20041217085927.GA2988@downhill.at.eu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20041217085927.GA2988@downhill.at.eu.org>
X-GPG-Fingerprint: BCF7 1345 BE42 B5B8 1A57 EE09 1D33 9C65 8B8D 7663
User-Agent: Mutt/1.5.6+20040907i
X-Spam-Score: 0.0 (/)
Delivered-To: 286046-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
On 2004-12-17 Andreas Metzler <ametzler@downhill.at.eu.org> wrote:
> On 2004-12-17 Klaus Schiwinsky <Klaus.Schiwinsky@uni-koeln.de> wrote:
> > Package: exim4
> > Version: 4-34.8
> > If the authenticator plain_saslauthd in /etc/exim4/exim4.conf.template
> > is activated, authentication does not work and the following message
> > shows up in /var/log/exim4/mainlog:
[...]
> That's documented not to work.
> /usr/share/doc/exim4-base/README.SMTP-AUTH
> | You have to add the exim-user (currently Debian-exim) to the sasl[1]
> | group[2], to give exim permission to use the saslauthd service.
Therefore I am closing this bug.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
http://downhill.aus.cc/