The Exim 4 source code has supported authentication with SASL since version 4.43. Debian started enabling this feature in exim4_4.50-2. After I upgraded to that version and replaced my saslauthd authenticators with brand-new cyrus_sasl authenticators, I noticed that auth.log got flooded with entries like ‘exim4: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory’.
My exim configuration uses three different cyrus_sasl authenticators, and each exim invocation resulted in three of these OTP warnings because exim calls sasl_listmech() for each configured authenticator. It doesn’t specify a limiting mech_list, which means SASL will test which of all the installed mechs can actually be used for authentication. Debian’s SASL package includes libotp.so, so it also tries to use OTP, which is not configured on my system.
There are two ways to get rid of the warnings:
- Remove /usr/lib/sasl2/libotp.*. You’ll have to do this after each upgrade of the libsasl2-modules package.
- Rebuild exim with this patch. The patch specifies a limiting mech_list option for SASL. This limits sasl_listmech() to the mechs used in the exim configuration. Other mechs won’t be tried anymore.
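
As an added illustration (not code from the patch or from Exim), the following Python example derives the mech_list value that matches the mechs used by the cyrus_sasl authenticators in an Exim configuration, and flags installed SASL mechanism plugins, such as libotp, that no authenticator uses. The sample configuration, the plugin file list and the plugin-to-mechanism mapping are constructed assumptions.

```python
import re

# Assumed mapping of Cyrus SASL plugin file stems to mechanism names.
PLUGIN_MECHS = {"otp": "OTP", "plain": "PLAIN", "login": "LOGIN",
                "crammd5": "CRAM-MD5", "digestmd5": "DIGEST-MD5"}
# Constructed sample input: three cyrus_sasl authenticators, as in the post.
SAMPLE_CONF = """\
begin routers
begin authenticators
plain_sasl:
  driver = cyrus_sasl
  public_name = PLAIN
login_sasl:
  driver = cyrus_sasl
  public_name = LOGIN
cram_sasl:
  driver = cyrus_sasl
  public_name = CRAM-MD5
  server_mech = cram-md5
"""
SAMPLE_PLUGINS = ["libotp.so", "libplain.so", "liblogin.so", "libcrammd5.so", "libsasldb.so"]

def configured_mechs(exim_conf):
    """Mechs used by cyrus_sasl authenticators (server_mech, else public_name)."""
    blocks, in_auth = [], False
    for line in (raw.strip() for raw in exim_conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("begin "):
            in_auth = line.split()[1].lower() == "authenticators"
        elif in_auth and re.fullmatch(r"\w+:", line):
            blocks.append({})            # start of a new authenticator
        elif in_auth and blocks and "=" in line:
            key, value = line.split("=", 1)
            blocks[-1][key.strip()] = value.strip()
    found = [(b.get("server_mech") or b.get("public_name", "")).upper()
             for b in blocks if b.get("driver") == "cyrus_sasl"]
    return list(dict.fromkeys(m for m in found if m))  # de-duplicate, keep order

def unused_plugins(plugin_files, mechs):
    """Installed mechanism plugins that no configured authenticator uses."""
    def mech_of(name):
        stem = re.match(r"lib([a-z0-9]+)\.", name)
        return PLUGIN_MECHS.get(stem.group(1)) if stem else None
    return [f for f in plugin_files if mech_of(f) and mech_of(f) not in mechs]

if __name__ == "__main__":
    used = configured_mechs(SAMPLE_CONF)
    print("mech_list:", " ".join(used), "| unused:", unused_plugins(SAMPLE_PLUGINS, used))
```

Plugins that are not in the mapping, such as the sasldb auxprop plugin in the sample list, are ignored rather than reported.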
May 3rd, 2005: A slightly modified version of the patch has been integrated into Exim CVS and will be included in the next Debian release of exim4 (see Debian bug #299743).