Bug#299743: exim4: Only try configured mechs in cyrus_sasl authenticator

Juergen Kreileder <jk@blackdown.de>, 299743@bugs.debian.org
Wed, 16 Mar 2005 08:13:37 +0100


Marc Haber <mh+debian-packages@zugschlus.de> writes:

> On Wed, Mar 16, 2005 at 05:16:44AM +0100, Juergen Kreileder wrote:
>> I've configured cyrus_sasl as described in #299732, i.e. I'm using
>> three mechs: PLAIN, LOGIN and CRAM-MD5.
>>
>> But something is trying to use OTP.  /var/log/auth.log gets
>> flooded with:
>>
>> ,----
>> | Mar 16 04:33:47 server exim4: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
>> | Mar 16 04:33:47 server last message repeated 2 times
>> | Mar 16 04:41:17 server send-mail: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
>> | Mar 16 04:41:17 server last message repeated 2 times
>> `----
>>
>> I think the authenticator should only try mechs which are actually
>> specified in the configuration.
>
> Can you run exim4 -d -bh a.b.c.d and try the authentication
> manually?

That would require some reconfiguration, I only accept AUTH over TLS
with a valid certificate normally.

The message gets generated for ALL mails, it's not triggered by AUTH.

> I'd like to see debug output. Also, it looks like the log entries
> are not created by exim as exim doesn't use syslog, so its messages
> are unlikely to show up in auth.log.

The message comes from SASL (in particular libotp.so).  AFAIK if you
don't specify which mechs to use, SASL tries all from /usr/lib/sasl2.

Cyrus-2.1 with 'sasl_mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM'
works without generating the OTP errors in auth.log.


        Juergen

-- 
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
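
Added example, not part of the original message and not code from exim4 or Cyrus SASL: a small triage script that counts the "unavailable" plugin messages per program for mechanisms outside the configured list, expanding syslogd's "last message repeated N times" lines. The function name is hypothetical, and treating every such message as "<MECH> unavailable because ..." is an assumption generalised from the single OTP line in the report; the sample log is the excerpt quoted above.

```python
import re
from collections import Counter

# Log excerpt from the report above, one syslog record per line.
SAMPLE_AUTH_LOG = """\
Mar 16 04:33:47 server exim4: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
Mar 16 04:33:47 server last message repeated 2 times
Mar 16 04:41:17 server send-mail: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
Mar 16 04:41:17 server last message repeated 2 times
"""

# "<timestamp> <host> <program>[pid]: <MECH> unavailable because <reason>"
# (format assumed from the OTP line in the report)
PLUGIN_MSG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<prog>[^\s:\[]+)(?:\[\d+\])?:\s"
    r"(?P<mech>[A-Z0-9-]+) unavailable because .*$"
)
# syslogd collapses duplicates into an untagged "repeated N times" record.
REPEAT_MSG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\slast message repeated (?P<n>\d+) times?$"
)


def unconfigured_mech_noise(log_text, configured_mechs):
    """Count plugin 'unavailable' messages per (program, mechanism) for
    mechanisms that are not in the configured mechanism list."""
    allowed = {m.upper() for m in configured_mechs}
    counts = Counter()
    last = None  # key of the previous record if it was counted, else None
    for line in log_text.splitlines():
        plugin = PLUGIN_MSG.match(line)
        repeat = REPEAT_MSG.match(line)
        if plugin and plugin["mech"] not in allowed:
            last = (plugin["prog"], plugin["mech"])
            counts[last] += 1
        elif repeat and last is not None:
            # The repeat record belongs to the message logged just before it.
            counts[last] += int(repeat["n"])
        else:
            last = None
    return dict(counts)


if __name__ == "__main__":
    noise = unconfigured_mech_noise(SAMPLE_AUTH_LOG, ["PLAIN", "LOGIN", "CRAM-MD5"])
    for (prog, mech), n in sorted(noise.items()):
        print(f"{prog}: {mech} plugin initialised {n} times but is not configured")
```
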