The Silent Woman

Ben Scott dragonhawk at gmail.com
Wed Apr 2 20:30:18 EDT 2008


[order of quotes re-arranged for editorial purposes]

On Wed, Apr 2, 2008 at 10:29 AM, Jim Kuzdrall <gnhlug at intrel.com> wrote:
>     "Sending failed: Authorization failed, An error occurred during
>  authentication: SASL(-4): no mechanism available; No worthy mechs
>  found; authentication not supported."

  SASL is an API and meta-protocol for authentication.  Rather than
every program (like KMail) and protocol (like SMTP) having to worry
about the details of authentication, they can just hook into SASL.
SASL supports various authentication mechanisms (plain text passwords,
MD5 hashed shared secrets, public keys, etc.).  Which mechanism to use
gets negotiated during SASL session setup.

  The above message seems to indicate that SASL is being used, but
then KMail can't find any authentication mechanisms which will satisfy
the ISP.

On Wed, Apr 2, 2008 at 12:54 PM, Jim Kuzdrall <gnhlug at intrel.com> wrote:
> There may be a damaged binary in there.

  I don't think it's a corrupt binary, per se.  It seems too
well-behaved a problem for that.  However, I do suspect it may be
package related.  SASL is modular, and perhaps SuSE packages some of
the authentication mechanisms separately, and you don't have those
packages installed.  A Google search for that error message seems to
find others have similar symptoms with that cause.

  Does SuSE give you a way to of search their package repository for
"sasl"?  If so, do so, and install any likely suspects.  For example,
on the Fedora 8 system I'm typing this on:

	yum list *sasl*

yields several packages, including "cyrus-sasl-md5" and
"cyrus-sasl-plain", each of which implement an authentication
mechanism.

  You may also want to try running KMail from the shell prompt in an
xterm, and watching for any error messages being spewed on stdout.
One of the Google matches mentioned seeing such from KMail.

> It is beginning to look to me like a binary flaw in one of the
> executables.  I can takes some rpms out then reinstall them at level 3,
> rather than starting a complete reinstall.

  Rather than doing that, you can have RPM check your installed
packages.  It will report changed files (checksums, permissions,
dates, etc.) and known broken dependencies and conflicts.  As root,
run:

	rpm --verify --all

You may want to redirect the output to a file, or pipe it into
less(1), etc.  Be warned that it can take awhile.  RPM will report
everything that's different about every file.  That includes config
files (marked with a "c "), so not every indication is a cause for
alarm.

  But check the SASL packages first.

> I don't seem to be getting as far as the isp based on watching the
> red/blue activity on the dialup monitor.

  In that vein, I would suggest watching the SMTP transaction with a
packet sniffer.  That will tell you what is *really* going on, as far
as the protocols are concerned.  Wireshark (formerly known as
Ethereal) is pretty good for this.

  In the GUI: Do Capture -> Interface.  Locate the dial-up interface
(usually "ppp0") and click "Options".  For the capture filter, enter
"tcp port 25" (without the quotes).  Click "Start".  Attempt to send
mail.  Let the error happen.  Capture -> Stop.

  But check the SASL packages first.  :)

-- Ben


More information about the gnhlug-discuss mailing list