Bug#286046: exim4 cannot connect to saslauthd
Debian Bug Tracking System
Tue, 21 Dec 2004 12:33:13 -0800
Your message dated Tue, 21 Dec 2004 21:22:21 +0100
with message-id <20041221202221.GM2374@downhill.at.eu.org>
and subject line Bug#286046: exim4 cannot connect to saslauthd
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
Date: Fri, 17 Dec 2004 05:39:49 +0100
From: Klaus Schiwinsky <Klaus.Schiwinsky@uni-koeln.de>
Package: exim4
Version: 4-34.8
If the authenticator plain_saslauthd in /etc/exim4/exim4.conf.template
is activated, authentication does not work and the following message
shows up in /var/log/exim4/mainlog:
2004-12-17 03:57:40 plain_saslauthd authenticator failed for
([]) []: 435 Unable to authenticate at present
(set_id=kinsky): cannot connect to saslauthd daemon at
/var/run/saslauthd/mux: Permission denied
This is correct as the following output documents:
laudanum:/# ls -ld /var/run/saslauthd/
drwx--x--- 2 root sasl 4096 Dec 17 04:15 /var/run/saslauthd/
laudanum:/# id Debian-exim
uid=103(Debian-exim) gid=103(Debian-exim) groups=103(Debian-exim)
BTW: The o=rwx rights to mux are useless as they cannot be used
without the corresponding directory rights:
laudanum:/# ls -l /var/run/saslauthd/
srwxrwxrwx 1 root root 0 Dec 17 04:15 mux
-rw------- 1 root root 0 Dec 17 04:15 mux.accept
-rw------- 1 root root 5 Dec 17 04:15 saslauthd.pid
Possible solutions:
1. Make Debian-exim a member of group sasl
This is the "cyrus solution"; cyrus is right now the only
member of sasl. The sasl group is only used in two places:
laudanum:/# find / -group sasl
But there is a small catch in this solution:
It would allow Debian-exim to write to /etc/sasldb2.
laudanum:/# l /etc/sasldb2
-rw-rw---- 1 root sasl 12288 Oct 31 17:52 /etc/sasldb2
2. chmod o+x /var/run/saslauthd
This would allow Debian-exim to write to mux - and anybody
else who knows the filename.
At least, this would make the o=rwx rights to mux useful.
3. ???
Klaus Schiwinsky
On 2004-12-17 Andreas Metzler <ametzler@downhill.at.eu.org> wrote:
> On 2004-12-17 Klaus Schiwinsky <Klaus.Schiwinsky@uni-koeln.de> wrote:
> > Package: exim4
> > Version: 4-34.8
> > If the authenticator plain_saslauthd in /etc/exim4/exim4.conf.template
> > is activated, authentication does not work and the following message
> > shows up in /var/log/exim4/mainlog:
> That's documented not to work.
> /usr/share/doc/exim4-base/README.SMTP-AUTH
> | You have to add the exim-user (currently Debian-exim) to the sasl[1]
> | group[2], to give exim permission to use the saslauthd service.
Therefore I am closing this bug.
cu andreas
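
The permission logic behind this report, as an added example that is not part of the original messages or of the Debian packaging: connecting to the socket requires search (x) permission on every parent directory, whatever the mode of mux itself. The function names and the gid 45 standing in for group sasl are assumptions; only classic mode bits are modelled (no ACLs), and first_blocked assumes GNU stat.

```shell
#!/bin/sh
# Added example: classic Unix permission bits only (no ACLs; uid 0 bypasses).
# Numeric ids marked "constructed" are not taken from the bug report.

# can_search MODE OWNER_UID OWNER_GID UID "GID ..."
# MODE is octal as printed by `stat -c %a` (e.g. 710). Returns 0 if the user
# may traverse (x) the directory. Exactly one class applies: a group member
# is judged on the group bits even when the "other" bits are more generous.
can_search() {
    perm=$((0$1)); own_uid=$2; own_gid=$3; uid=$4; gids=$5
    if [ "$uid" -eq 0 ]; then return 0; fi
    if [ "$uid" -eq "$own_uid" ]; then return $(( 1 - (($perm >> 6) & 1) )); fi
    for g in $gids; do
        if [ "$g" -eq "$own_gid" ]; then return $(( 1 - (($perm >> 3) & 1) )); fi
    done
    return $(( 1 - ($perm & 1) ))
}

# first_blocked /abs/path UID "GID ..."   (assumes GNU stat, as on Debian)
# Prints the topmost parent directory of the path that the user cannot
# traverse, or nothing if every parent is searchable. Returns 2 on bad input.
first_blocked() {
    case $1 in /*) ;; *) return 2 ;; esac
    dir=$(dirname "$1"); blocked=
    while :; do
        st=$(stat -c '%a %u %g' "$dir") || return 2
        # $st is deliberately unquoted: it expands to MODE UID GID
        can_search $st "$2" "$3" || blocked=$dir
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    printf '%s\n' "$blocked"
}

# Scenarios from the report: uid/gid 103 is from `id Debian-exim`, root is 0,
# and 45 is a constructed gid standing in for group sasl.
verdict() { if can_search "$@"; then echo allowed; else echo denied; fi; }
echo "as reported (drwx--x--- root:sasl): $(verdict 710 0 45 103 "103")"
echo "1. Debian-exim added to sasl:       $(verdict 710 0 45 103 "103 45")"
echo "2. o+x on /var/run/saslauthd:       $(verdict 711 0 45 103 "103")"
```

On a live system, `first_blocked /var/run/saslauthd/mux 103 "103"` names the directory that stops the connection, using the numeric ids printed by `id Debian-exim`.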
