Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart

dteed donald.teed at gmail.com
Wed Dec 8 13:20:13 UTC 2010 

Package: sasl2-bin
Version: 2.1.23.dfsg1-6
Severity: critical
Justification: breaks unrelated software


Using saslauthd in support of secure SMTP with postfix.
saslauthd is configured to use pam.

/etc/pam.d/smtp looks like this:

account     required    pam_permit.so
auth        sufficient    pam_winbind.so debug
auth        required      pam_deny.so

This is working fine - users can authenticate against Active Directory
when sending email over secure ports 465 and 587 on Postfix.

Once every two weeks or so, saslauthd requires a restart to fix
a failure to authenticate.  Nothing else needs to be touched
to remedy the failure.

When the failure appears, this is observed in the auth.log:

Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to dlopen(/lib/security/pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: Too many open files Dec 5 15:45:22 myhostname saslauthd[32586]: PAM adding faulty module: /lib/security/pam_winbind.so
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to dlopen(/lib/security/pam_deny.so): /lib/security/pam_deny.so: cannot open shared object file: Too many open files
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM adding faulty module: /lib/security/pam_deny.so
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_load_conf_file: unable to open /etc/pam.d/common-auth
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error loading (null)
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: error reading /etc/pam.d/other
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: [Critical error - immediate abort]
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error reading PAM configuration file
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM pam_start: failed to initialize handlers
Dec 5 15:45:22 myhostname saslauthd[32586]: DEBUG: auth_pam: pam_start failed: Critical error - immediate abort
Dec 5 15:45:22 myhostname saslauthd[32586]: do_auth : auth failure: [user=dteed] [service=smtp] [realm=] [mech=pam] [reason=PAM start error]
Dec 5 15:45:32 myhostname saslauthd[32586]: server_exit : master exited: 32586
Dec 5 15:45:32 myhostname saslauthd[1696]: detach_tty : master pid is: 1696
Dec 5 15:45:32 myhostname saslauthd[1696]: ipc_init : listening on socket: /var/run/saslauthd/mux


saslauthd was used on a Redhat Enterprise 5.5 system in an identical configuration prior to this
without a problem.  The package on Redhat is cyrus-sasl-2.1.22-5.el5_4.3


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sasl2-bin depends on:
ii  db4.8-util                4.8.30-2       Berkeley v4.8 Database Utilities
ii  debconf [debconf-2.0]     1.5.36         Debian configuration management sy
ii  libc6                     2.11.2-7       Embedded GNU C Library: Shared lib
ii  libcomerr2                1.41.12-2      common error description library
ii  libdb4.8                  4.8.30-2       Berkeley v4.8 Database Libraries [
ii  libgssapi-krb5-2          1.8.3+dfsg-2   MIT Kerberos runtime libraries - k
ii  libk5crypto3              1.8.3+dfsg-2   MIT Kerberos runtime libraries - C
ii  libkrb5-3                 1.8.3+dfsg-2   MIT Kerberos runtime libraries
ii  libkrb5support0           1.8.3+dfsg-2   MIT Kerberos runtime libraries - S
ii  libldap-2.4-2             2.4.23-7       OpenLDAP libraries
ii  libpam0g                  1.1.1-6.1      Pluggable Authentication Modules l
ii  libsasl2-2                2.1.23.dfsg1-6 Cyrus SASL - authentication abstra
ii  libssl0.9.8               0.9.8o-3       SSL shared libraries
ii  lsb-base                  3.2-23.1       Linux Standard Base 3.2 init scrip

sasl2-bin recommends no packages.

sasl2-bin suggests no packages.

-- Configuration Files:
/etc/default/saslauthd changed:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"


-- debconf information:
  cyrus-sasl2/upgrade-sasldb2-failed:
  cyrus-sasl2/backup-sasldb2: /var/backups/sasldb2.bak
  cyrus-sasl2/upgrade-sasldb2-backup-failed:
  cyrus-sasl2/purge-sasldb2: false

More information about the Pkg-cyrus-sasl2-debian-devel mailing list