Bug 106940

Summary: saslpasswd2 generates error
Product: [Retired] Red Hat Linux Reporter: David Hart <davidhart>
Component: cyrus-saslAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED CANTFIX QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 9CC: drepper
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-10-18 18:05:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description David Hart 2003-10-13 20:58:05 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031009

Description of problem:
Error Message: "saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No
matching key/data pair found"

This occurs on all machines including this client which is a clean install of RH9.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. saslpasswd2 -c [remainder of input line]

Actual Results:  "saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No
matching key/data pair found"

sasldb2 produces (actual output):

test@main.TQMcube.com: userPassword

Expected Results:  sasldb2 username/password file, presumably with secrets.

Additional info:

I am no longer able to authenticate from Postfix which HAD been working. This
has resulted in having to revoke privileges to roaming users in order not to
create an open relay.

Comment 1 David Hart 2003-11-10 19:18:48 UTC
This problem continues with a clean (new) Fedora install.

Comment 2 Nalin Dahyabhai 2003-11-10 19:25:43 UTC
What does the remainder of the input line look like?  Running
'saslpasswd2 -c nalin' here produces no errors, and sasldblistusers2
lists the user and associated secret.

Comment 3 David Hart 2003-11-10 19:33:36 UTC
saslpasswd2 -c hart:

"Nov 10 14:31:34 dchws saslpasswd2: error deleting entry from sasldb:
DB_NOTFOUND: No matching key/data pair found
Nov 10 14:31:35 dchws last message repeated 2 times"


"hart@dchws.TQMcube.com: userPassword"

Fedora Core 1


Comment 4 Nalin Dahyabhai 2003-11-10 19:58:43 UTC
Again, no errors on my test system.  Is the system an i686 system or
something else?  Which kernel/glibc versions do you have installed?

Comment 5 David Hart 2003-11-10 20:08:42 UTC
Kernel = 2.4.22-1.2115.nptl
glibc = glibc-2.3.2-101

Again, this was a CLEAN, new install of Fedora. I am continuing to
have the same problem on the server running KORG
2.4.22/glibc-2.3.2-27.9. I was able to work around this for Postfix by
changing auxprop to saslauthd. 

I'm pretty sure this started when the SSL package was updated in
response to a potential exploit but I'm not certain.

Comment 6 Nalin Dahyabhai 2003-11-10 20:16:36 UTC
Which version of openssl is this?  I'm seeing the messages you're
mentioning in syslog, but not in my terminal, which explains that, but
they don't appear to be adversely affecting anything....

Comment 7 David Hart 2003-11-10 20:46:04 UTC

Since I started receiving these error messages I cannot use auxprop to
authenticate roaming users with Postfix. The reason that I am vague is
because we did not have any roaming users for several months.
Therefore, I cannot be more precise about what and when.

At LEAST I know that we both get the same error messages in the
syslog. I'm sorry that I was not specific about where I was seeing them.

Comment 8 Ulrich Drepper 2003-11-10 20:48:31 UTC
Can you run one of the simple tests which fail with strace and attach
the output?

I had some problem like this which turned out to be wrong access

Comment 9 David Hart 2003-11-10 21:02:45 UTC
I would if I knew how ;-)

I have not upgraded the server to Fedora yet. I was simply testing the
SASLPASSWD2 problem on a client machine to see if Fedora cleared it up.

The only testing that I have done in the past is to telnet into 25 and
try to authenticate. That is followed with a remote mail relay
attempt. To be sure, when I was trying to get auxprop to work I had
sasldb2 permissioned to the world - no dice.

I DON'T want to burden RH with my Postfix problems. In contrast, I was
hoping that resolution of the error message might resolve the problem.

As an aside, Fedora comes with a Postfix distribution with SMTP
authentication compiled in. Unfortunately, our setup requires a custom
compilation of a newer version. However, I am going to try to RH RPM
and see if that fares any better.

By the weekend I'll do the upgrade and re-test auxprop to see what
happens. Thanks for your courteous attention to this matter.

Comment 10 Nalin Dahyabhai 2003-11-10 21:16:09 UTC
Upon closer examination, the messages in your log appear to be
harmless -- they're the result of saslpasswd2 attempting to remove
secrets which might have been placed there by dbconverter-2, and
getting a non-fatal error when those secrets don't exist.

It does this to clean up after sasl1->sasl2 migrations. 
dbconverter-2, which converts a sasl1 sasldb to a sasl2 sasldb, can't
retrieve a user's plaintext password when it is run because sasl1
didn't store plaintext passwords in the sasldb.  As an interim, for
migration purposes, dbconverter-2 creates cmusaslsecret<MECH> secrets
which can be used by the non-plaintext mechanisms. The plugins
included with sasl2 can also use the plaintext userPassword to create
the needed secrets at run-time, so saslpasswd2 removes the
cmusaslsecret<MECH> secrets when it is run because they are no longer
needed for that user once a userPasswd has been set.

Comment 11 Mark J. Cox 2004-09-01 09:50:31 UTC
Since the messages are harmless I'm downgrading this to no longer be a
security severity bug and moving it to NEEDINFO to see if the auxprop
issue is still happening.

Comment 12 Bill Nottingham 2006-10-18 18:05:16 UTC
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
If this issue is still present in a current Fedora Core release, please
open a new bug with the relevant information.

Closing as CANTFIX.