Bug 106940 - saslpasswd2 generates error
saslpasswd2 generates error
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: cyrus-sasl (Show other bugs)
9
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-10-13 16:58 EDT by David Hart
Modified: 2007-04-18 12:58 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-18 14:05:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Hart 2003-10-13 16:58:05 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031009

Description of problem:
Error Message: "saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No
matching key/data pair found"

This occurs on all machines including this client which is a clean install of RH9.


Version-Release number of selected component (if applicable):
2.1.10-4

How reproducible:
Always

Steps to Reproduce:
1. saslpasswd2 -c [remainder of input line]
2.
3.
    

Actual Results:  "saslpasswd2: error deleting entry from sasldb: DB_NOTFOUND: No
matching key/data pair found"

sasldb2 produces (actual output):

test@main.TQMcube.com: userPassword



Expected Results:  sasldb2 username/password file, presumably with secrets.

Additional info:

I am no longer able to authenticate from Postfix which HAD been working. This
has resulted in having to revoke privileges to roaming users in order not to
create an open relay.
Comment 1 David Hart 2003-11-10 14:18:48 EST
This problem continues with a clean (new) Fedora install.
Comment 2 Nalin Dahyabhai 2003-11-10 14:25:43 EST
What does the remainder of the input line look like?  Running
'saslpasswd2 -c nalin' here produces no errors, and sasldblistusers2
lists the user and associated secret.
Comment 3 David Hart 2003-11-10 14:33:36 EST
saslpasswd2 -c hart:

"Nov 10 14:31:34 dchws saslpasswd2: error deleting entry from sasldb:
DB_NOTFOUND: No matching key/data pair found
Nov 10 14:31:35 dchws last message repeated 2 times"

salsdblistusers2

"hart@dchws.TQMcube.com: userPassword"

Fedora Core 1

cyrus-sasl-2.1.15-6
cyrus-sasl-devel-2.1.15-6
Comment 4 Nalin Dahyabhai 2003-11-10 14:58:43 EST
Again, no errors on my test system.  Is the system an i686 system or
something else?  Which kernel/glibc versions do you have installed?
Comment 5 David Hart 2003-11-10 15:08:42 EST
686
Kernel = 2.4.22-1.2115.nptl
glibc = glibc-2.3.2-101

Again, this was a CLEAN, new install of Fedora. I am continuing to
have the same problem on the server running KORG
2.4.22/glibc-2.3.2-27.9. I was able to work around this for Postfix by
changing auxprop to saslauthd. 

I'm pretty sure this started when the SSL package was updated in
response to a potential exploit but I'm not certain.
Comment 6 Nalin Dahyabhai 2003-11-10 15:16:36 EST
Which version of openssl is this?  I'm seeing the messages you're
mentioning in syslog, but not in my terminal, which explains that, but
they don't appear to be adversely affecting anything....
Comment 7 David Hart 2003-11-10 15:46:04 EST
openssl-0.9.7a-23

Since I started receiving these error messages I cannot use auxprop to
authenticate roaming users with Postfix. The reason that I am vague is
because we did not have any roaming users for several months.
Therefore, I cannot be more precise about what and when.

At LEAST I know that we both get the same error messages in the
syslog. I'm sorry that I was not specific about where I was seeing them.
Comment 8 Ulrich Drepper 2003-11-10 15:48:31 EST
Can you run one of the simple tests which fail with strace and attach
the output?

I had some problem like this which turned out to be wrong access
permissions.
Comment 9 David Hart 2003-11-10 16:02:45 EST
I would if I knew how ;-)

I have not upgraded the server to Fedora yet. I was simply testing the
SASLPASSWD2 problem on a client machine to see if Fedora cleared it up.

The only testing that I have done in the past is to telnet into 25 and
try to authenticate. That is followed with a remote mail relay
attempt. To be sure, when I was trying to get auxprop to work I had
sasldb2 permissioned to the world - no dice.

I DON'T want to burden RH with my Postfix problems. In contrast, I was
hoping that resolution of the error message might resolve the problem.

As an aside, Fedora comes with a Postfix distribution with SMTP
authentication compiled in. Unfortunately, our setup requires a custom
compilation of a newer version. However, I am going to try to RH RPM
and see if that fares any better.

By the weekend I'll do the upgrade and re-test auxprop to see what
happens. Thanks for your courteous attention to this matter.
Comment 10 Nalin Dahyabhai 2003-11-10 16:16:09 EST
Upon closer examination, the messages in your log appear to be
harmless -- they're the result of saslpasswd2 attempting to remove
secrets which might have been placed there by dbconverter-2, and
getting a non-fatal error when those secrets don't exist.

It does this to clean up after sasl1->sasl2 migrations. 
dbconverter-2, which converts a sasl1 sasldb to a sasl2 sasldb, can't
retrieve a user's plaintext password when it is run because sasl1
didn't store plaintext passwords in the sasldb.  As an interim, for
migration purposes, dbconverter-2 creates cmusaslsecret<MECH> secrets
which can be used by the non-plaintext mechanisms. The plugins
included with sasl2 can also use the plaintext userPassword to create
the needed secrets at run-time, so saslpasswd2 removes the
cmusaslsecret<MECH> secrets when it is run because they are no longer
needed for that user once a userPasswd has been set.
Comment 11 Mark J. Cox (Product Security) 2004-09-01 05:50:31 EDT
Since the messages are harmless I'm downgrading this to no longer be a
security severity bug and moving it to NEEDINFO to see if the auxprop
issue is still happening.
Comment 12 Bill Nottingham 2006-10-18 14:05:16 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
If this issue is still present in a current Fedora Core release, please
open a new bug with the relevant information.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.