From: Tom McLaughlin
Date: Sat, 28 Feb 2009 13:15:10 -0500
To: Harti Brandt
Cc: kazakov@gmail.com, current@freebsd.org
Subject: Re: problem with nss_ldap
Message-ID: <49A97F2E.3030005@sdf.lonestar.org>
In-Reply-To: <49A69B74.1080201@sdf.lonestar.org>
List-Id: Discussions about the use of FreeBSD-current

Tom McLaughlin wrote:
> Harti Brandt wrote:
>> On Sun, 18 Jan 2009, Hartmut.Brandt@dlr.de wrote:
>>> Both create entries in /var/log/messages like:
>>>
>>> Jan 18 20:00:02 knopdnsimu13f cron[1495]: GSSAPI Error: Miscellaneous failure (see text)???????????????ZZZZZZZZZZZZZZZZ[...]
>>> Jan 18 20:00:02 knopdnsimu13f kernel: ZZZZZZZZZZZZZZZZ
>>>
>>> I've tried to figure out in which of the dozens of layered libraries (gss, sasl, ssl, ......) this error is generated but did not find anything.
>>>
>>> This is on amd64, krb5 enabled in pam, gssapi disabled in sshd_config (as I said, this worked before).
>> So to answer my own mail: I made a link from the kerberos ticket file
>> which contains the host ticket (and is specified in nss_ldap.conf) to
>> /tmp/krb5cc_0. I've no idea why this is suddenly necessary, though.
>
> There may be an issue with the env method used in nss_ldap to change the
> credentials cache. My mind is fuzzy but I do recall a similar issue but
> don't remember the exact cause or case. nss_ldap has a second
> configurable ccname method which when I submitted the original patch I
> intended to switch to once we had a newer heimdal. Once I get nss_ldap
> working on my box I intend to submit another patch.
>
> tom

Hi Harti (CC maintainer),

Can you try the attached patch for nss_ldap? This should cause the host ticket to work correctly on -CURRENT. It's "my box approved".

tom

--
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |

Content-Disposition: inline; filename="nss_ldap-krb5-ccname-gssapi.diff"

Index: Makefile =================================================================== RCS file: /ncvs/ports/net/nss_ldap/Makefile,v retrieving revision 1.27 diff -u -r1.27 Makefile --- Makefile 5 Jan 2009 19:04:27 -0000 1.27 +++ Makefile 28 Feb 2009 05:21:19 -0000 
@@ -33,11 +33,17 @@ CONFIGURE_ARGS= --with-ldap-conf-file=${PREFIX}/etc/nss_ldap.conf \ --with-ldap-secret-file=${PREFIX}/etc/nss_ldap.secret \ --enable-rfc2307bis \ - --enable-paged-results \ - --enable-configurable-krb5-ccname-env + --enable-paged-results MAN5= nss_ldap.5 +.include +.if ${OSVERSION} >= 800064 +CONFIGURE_ARGS+=--enable-configurable-krb5-ccname-gssapi +.else +CONFIGURE_ARGS+=--enable-configurable-krb5-ccname-env +.endif + post-extract: ${CP} ${FILESDIR}/bsdnss.c ${WRKSRC} @@ -49,4 +55,4 @@ ${INSTALL_MAN} ${WRKSRC}/${MAN5} ${MAN5PREFIX}/man/man5 ${SED} -e "s,%%PREFIX%%,${PREFIX},g" ${PKGMESSAGE} -.include +.include --------------080309080603080505040906--
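
Review bot: The `.if ${OSVERSION} >= 800064` test in the first hunk (@@ -33,11 +33,17 @@) has no comment saying what changed at 800064, so a later reader cannot tell why `--enable-configurable-krb5-ccname-gssapi` is selected there and `--enable-configurable-krb5-ccname-env` in the `.else` branch. A one-line comment above the `.if` naming the base-system change it keys on (the mail mentions waiting for a newer heimdal) would make the cutoff checkable. The diff also has no hunk touching PORTREVISION, although the configure arguments, and so the built module, change for every system at or above that OSVERSION; a bump would make existing installs rebuild and pick up the fix.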
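
Review bot: In the second hunk (@@ -49,4 +55,4 @@) the removed and added `.include` lines read identically as shown, because the name of the included file is missing from the text, so the change cannot be verified from this copy. Since the first hunk adds an `.include` ahead of the `${OSVERSION}` test, the closing include has to be the matching post-include of the ports framework; check it against the attached nss_ldap-krb5-ccname-gssapi.diff before committing.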