Annoying log message "DIGEST-MD5 common mech free"

Bug #827151 reported by Brezhonneg on 2011-08-16
80
This bug affects 15 people
Affects Status Importance Assigned to Milestone
Cyrus-sasl2
New
Unknown
cyrus-sasl2 (Debian)
Fix Released
Unknown
cyrus-sasl2 (Ubuntu)
Low
Unassigned
Trusty
Low
Unassigned
Xenial
Low
Unassigned
Yakkety
Undecided
Unassigned

Bug Description

I recently updated the libsasl2-modules to 2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu1 in oneiric.
That triggered the bug also described in Debian here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631932

The annoying message is logged in auth.log. In my case, it is associated with svnserve:
svnserve: DIGEST-MD5 common mech free

I'm not exactly sure what action triggers the message, but I can investigate more if required.

$ lsb_release -rd
Description: Ubuntu oneiric (development branch)
Release: 11.10

Brezhonneg (fricompte) wrote :

Apparently, this message is logged whenever I commit a file to svn through SSH:

auth.log:

sshd[1085]: Accepted publickey for sylvain from *IP here* port xx ssh2
svnserve: DIGEST-MD5 common mech free

The first one is me connecting to svn through SSH, the second line comes 1 second later and is the annoying one that makes no sense at all...

This problem still occurs with libsasl2-modules 2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu2

Dave Walker (davewalker) on 2011-08-19
Changed in cyrus-sasl2 (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Changed in cyrus-sasl2 (Debian):
status: Unknown → New
yamo (stephane-gregoire) wrote :

Hi,

I have it with libsasl2-modules 2.1.25.dfsg1-5.

On my system it is nnrpd which is logging that (on a INN2 server).

Sebastien Senechal (altagir) wrote :

libsasl2-modules 2.1.25.dfsg1-6
from commit through svn+ssh

Changed in cyrus-sasl2 (Debian):
status: New → Fix Committed
Changed in cyrus-sasl2 (Debian):
status: Fix Committed → Fix Released
Tom Hager (duke-l) wrote :

Hi,

it seems this bug re-appeared in Xenial:

# lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04

# dpkg -l libsasl2-modules
ii libsasl2-modules:amd64 2.1.26.dfsg1-14b amd64

Aug 18 02:37:30 xxx slapcat: DIGEST-MD5 common mech free
Aug 18 02:37:30 xxx slapcat: message repeated 9 times: [ DIGEST-MD5 common mech free]
Aug 18 03:37:30 xxx slapcat: DIGEST-MD5 common mech free
Aug 18 03:37:30 xxx slapcat: message repeated 9 times: [ DIGEST-MD5 common mech free]
Aug 18 04:37:29 xxx slapcat: DIGEST-MD5 common mech free
Aug 18 04:37:30 xxx slapcat: message repeated 9 times: [ DIGEST-MD5 common mech free]
Aug 18 05:37:30 xxx slapcat: DIGEST-MD5 common mech free

Cheers,
Tom.

hackel (hackel) wrote :

Confirmed, this is incredibly annoying. In my case, it's coming from PHP. I've got 44k of such messages in my auth.log file that covers just the last 3.5 days, and 16k of those were actually "repeated x times" messages! All coming from php or php7.0 (both pointing to the same php7.0-cli binary). I believe this is because I use php-mongodb extensively, which uses libsasl2-2.

libsasl2-modules 2.1.25.dfsg1-17build1 on Ubuntu 14.04.

hackel (hackel) wrote :

FYI: The solution Debian implemented was quite trivial. Simply create the file /etc/logcheck/ignore.d.server/libsasl2-modules:
\w{3} [ :0-9]{11} [._[:alnum:]-]+ [._[:alnum:]-]+: DIGEST-MD5 common mech free

It doesn't actually fix the problem, it just ignores the pointless log messages.

hackel (hackel) wrote :

FYI: From https://bugs.archlinux.org/task/44945:

Comment by Jan de Groot (JGC) - Thursday, 04 June 2015, 08:01 GMT
These messages are logged at debug level, you can change syslog config to filter out debug messages.

I will not remove this from Cyrus SASL, as debug logging is the only way to debug issues with SASL when not running interactive, for example when running a mailserver.

Changed in cyrus-sasl2:
status: Unknown → New
Nish Aravamudan (nacc) wrote :

Fixed in Debian with 2.1.26.dfsg1-8, per the other bug.

@duke-l, can you confirm this still occurs with Xenial? Given that Xenial shipped with 2.1.26.dfsg1-14build1, which should have the corresponding fix.

@hackel, it seems like you are possibly not using entirely Ubuntu packages (given no php7.0 in 14.04), so it's not entirely clear if your use-case is justification for the 14.04 backport, but I'll open tasks to consider it at least, given the underlying issue is in the Ubuntu package.

Changed in cyrus-sasl2 (Ubuntu):
status: Confirmed → Fix Released
Changed in cyrus-sasl2 (Ubuntu Yakkety):
status: New → Fix Released
Changed in cyrus-sasl2 (Ubuntu Xenial):
status: New → Incomplete
Changed in cyrus-sasl2 (Ubuntu Trusty):
status: New → Triaged
importance: Undecided → Low
Changed in cyrus-sasl2 (Ubuntu Xenial):
importance: Undecided → Low
Tom Hager (duke-l) wrote :

Hi Nish,

yup, this still occurs:

root@xxx:~# slapcat -l /tmp/ldap.ldif
root@xxx:~# tail -10 /var/log/auth.log|grep slapcat
Dec 21 13:46:28 xxx slapcat: DIGEST-MD5 common mech free

Cheers,
Tom.

Hajo Locke (hajo-locke) wrote :

Hello,

we also see hundreds lines like this in xenial.

ii libsasl2-modules:amd64 2.1.26.dfsg1-14build1 amd64

File /etc/logcheck/ignore.d.server/libsasl2-modules with content suggested by hackel is already existent in xenial, it is part of package libsasl2-modules but seems not to work.

Hajo

Miguel Ibarra (miguel.ibarra) wrote :

Hello

Also in xenial but in the apache log I found

Jun 20 10:44:05 localhost apache2: DIGEST-MD5 common mech free
Jun 20 10:44:53 localhost apache2: message repeated 22 times: [ DIGEST-MD5 common mech free]

dpkg -l libsasl2-modules
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=============================-===================-===================-===============================================================
ii libsasl2-modules:amd64 2.1.26.dfsg1-14buil amd64 Cyrus SASL - pluggable authentication modules

Cheers
Miguel

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.