Bug#638045: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available

Sven Joachim svenjoac at gmx.de
Wed Aug 17 13:05:32 UTC 2011 

[ CC'ing postfix maintainer for his opinion. ]

On 2011-08-17 13:53 +0200, Luca Capello wrote:

> On Wed, 17 Aug 2011 11:59:19 +0200, Stefano Zacchiroli wrote:
>> On Tue, Aug 16, 2011 at 09:54:14PM +0200, Johnny Morano wrote:
>>> Postfix is unable to receive mail and unable to send mail via SASL
>>> authentication, after installing the updates of today.  These are the
>>> error messages:
>>
>> I can reproduce this in Sid.
>
> /me too.
>
>> Reverting both "libsasl2-2" and "libsasl2-modules" to version
>> 2.1.23.dfsg1-7 fixes the problem.
>
> FWIW, reverting to 2.1.24~rc1.dfsg1+cvs2011-05-23-4 is enough.
>
> BTW, if you use Cyrus SASL authentication in Postfix, you can not
>      actually revert libsasl2-2 and libsasl2-modules only, but you need
>      to revert sasl2-bin as well because of its versioned dependency.
>
>> I'm setting severity as serious, as it breaks pretty heavily mail
>> delivery for SASL-based postfix configuration. I'm also marking the bug
>> as affecting postfix, as many people will probably look for some issue
>> there.
>
> Thank you, indeed I did not find it during a first look, maybe the title
> should be changed to reflect the IMHO most common error?  In my case:
>
>   C61E120DDD     2071 Wed Aug 17 10:45:55  luca at pca.it
>   (SASL authentication failed; cannot authenticate to server \
>    home.pca.it[83.211.85.135]: no mechanism available)
>                                          debian-publicity at lists.debian.org


Here is what I got:

,----
| Aug 17 14:16:59 turtle postfix/smtp[28566]: warning: SASL authentication failure: No worthy mechs found
| Aug 17 14:16:59 turtle postfix/smtp[28566]: 4BD0A3F4F6: SASL authentication failed; cannot authenticate to server mail.gmx.net[213.165.64.20]: no mechanism available
`----

Postfix's SASL_README has this interesting information:

,----
|     SASL authentication failure: No worthy mechs found
| 
|     Note
| 
|     This same error message will also be logged when the libplain.so or
|     liblogin.so modules are not installed in the /usr/lib/sasl2 directory.
`----

And /usr/lib/sasl2 is hardcoded in postfix, see
src/xsasl/xsasl_cyrus_log.c:

int xsasl_getpath(void * context, char ** path)
{
#if SASL_VERSION_MAJOR >= 2
    *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl2", (char *) 0);
#else
    *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl", (char *) 0);
#endif
    return SASL_OK;
}

So this bug has been triggered by the switch to multiarch paths in
cyrus-sasl2, and postfix is to blame for hardcoding /usr/lib/sasl2.

Cheers,
       Sven

More information about the Pkg-cyrus-sasl2-debian-devel mailing list