Package: sasl2-bin Version: 2.1.23.dfsg1-6 Severity: critical Justification: breaks unrelated software
Using saslauthd in support of secure SMTP with postfix. saslauthd is configured to use pam. /etc/pam.d/smtp looks like this: account required pam_permit.so auth sufficient pam_winbind.so debug auth required pam_deny.so This is working fine - users can authenticate against Active Directory when sending email over secure ports 465 and 587 on Postfix. Once every two weeks or so, saslauthd requires a restart to fix a failure to authenticate. Nothing else needs to be touched to remedy the failure. When the failure appears, this is observed in the auth.log: Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to dlopen(/lib/security/pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: Too many open files Dec 5 15:45:22 myhostname saslauthd[32586]: PAM adding faulty module: /lib/security/pam_winbind.so Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to dlopen(/lib/security/pam_deny.so): /lib/security/pam_deny.so: cannot open shared object file: Too many open files Dec 5 15:45:22 myhostname saslauthd[32586]: PAM adding faulty module: /lib/security/pam_deny.so Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_load_conf_file: unable to open /etc/pam.d/common-auth Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error loading (null) Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: error reading /etc/pam.d/other Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: [Critical error - immediate abort] Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error reading PAM configuration file Dec 5 15:45:22 myhostname saslauthd[32586]: PAM pam_start: failed to initialize handlers Dec 5 15:45:22 myhostname saslauthd[32586]: DEBUG: auth_pam: pam_start failed: Critical error - immediate abort Dec 5 15:45:22 myhostname saslauthd[32586]: do_auth : auth failure: [user=dteed] [service=smtp] [realm=] [mech=pam] [reason=PAM start error] Dec 5 15:45:32 myhostname saslauthd[32586]: server_exit : master exited: 32586 Dec 5 15:45:32 myhostname saslauthd[1696]: detach_tty : master pid is: 1696 Dec 5 15:45:32 myhostname saslauthd[1696]: ipc_init : listening on socket: /var/run/saslauthd/mux saslauthd was used on a Redhat Enterprise 5.5 system in an identical configuration prior to this without a problem. The package on Redhat is cyrus-sasl-2.1.22-5.el5_4.3 -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages sasl2-bin depends on: ii db4.8-util 4.8.30-2 Berkeley v4.8 Database Utilities ii debconf [debconf-2.0] 1.5.36 Debian configuration management sy ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib ii libcomerr2 1.41.12-2 common error description library ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [ ii libgssapi-krb5-2 1.8.3+dfsg-2 MIT Kerberos runtime libraries - k ii libk5crypto3 1.8.3+dfsg-2 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.3+dfsg-2 MIT Kerberos runtime libraries ii libkrb5support0 1.8.3+dfsg-2 MIT Kerberos runtime libraries - S ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries ii libpam0g 1.1.1-6.1 Pluggable Authentication Modules l ii libsasl2-2 2.1.23.dfsg1-6 Cyrus SASL - authentication abstra ii libssl0.9.8 0.9.8o-3 SSL shared libraries ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip sasl2-bin recommends no packages. sasl2-bin suggests no packages. -- Configuration Files: /etc/default/saslauthd changed: START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="pam" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/run/saslauthd" -- debconf information: cyrus-sasl2/upgrade-sasldb2-failed: cyrus-sasl2/backup-sasldb2: /var/backups/sasldb2.bak cyrus-sasl2/upgrade-sasldb2-backup-failed: cyrus-sasl2/purge-sasldb2: false -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org