From owner-freebsd-stable@FreeBSD.ORG Mon Sep 21 15:21:13 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B40DF1065670; Mon, 21 Sep 2009 15:21:13 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from esa-annu.mail.uoguelph.ca (esa-annu.mail.uoguelph.ca [131.104.91.36]) by mx1.freebsd.org (Postfix) with ESMTP id 4CB7A8FC27; Mon, 21 Sep 2009 15:21:12 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApoEAH42t0qDaFvJ/2dsb2JhbADSXIQbBYFY X-IronPort-AV: E=Sophos;i="4.44,424,1249272000"; d="scan'208";a="47096960" Received: from ganges.cs.uoguelph.ca ([131.104.91.201]) by esa-annu-pri.mail.uoguelph.ca with ESMTP; 21 Sep 2009 11:21:12 -0400 Received: from localhost (localhost.localdomain [127.0.0.1]) by ganges.cs.uoguelph.ca (Postfix) with ESMTP id A515DFB8063; Mon, 21 Sep 2009 11:21:11 -0400 (EDT) X-Virus-Scanned: amavisd-new at ganges.cs.uoguelph.ca Received: from ganges.cs.uoguelph.ca ([127.0.0.1]) by localhost (ganges.cs.uoguelph.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id easzy9JgMNGW; Mon, 21 Sep 2009 11:21:01 -0400 (EDT) Received: from muncher.cs.uoguelph.ca (muncher.cs.uoguelph.ca [131.104.91.102]) by ganges.cs.uoguelph.ca (Postfix) with ESMTP id 23243FB8042; Mon, 21 Sep 2009 11:21:01 -0400 (EDT) Received: from localhost (rmacklem@localhost) by muncher.cs.uoguelph.ca (8.11.7p3+Sun/8.11.6) with ESMTP id n8LFQdh00245; Mon, 21 Sep 2009 11:26:39 -0400 (EDT) X-Authentication-Warning: muncher.cs.uoguelph.ca: rmacklem owned process doing -bs Date: Mon, 21 Sep 2009 11:26:39 -0400 (EDT) From: Rick Macklem X-X-Sender: rmacklem@muncher.cs.uoguelph.ca To: George Mamalakis In-Reply-To: <4AB768C3.6030003@eng.auth.gr> Message-ID: References: <4AB27FB6.4010806@eng.auth.gr> <20090918034933.GI1231@rwpc12.mby.riverwillow.net.au> <20090918233157.GK1231@rwpc12.mby.riverwillow.net.au> <20090921012855.GA1001@rwpc12.mby.riverwillow.net.au> <4AB768C3.6030003@eng.auth.gr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-current@freebsd.org, freebsd-stable , dfr@rabson.org Subject: Re: SASL problems with spnego on 8.0-BETA4 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Sep 2009 15:21:13 -0000 On Mon, 21 Sep 2009, George Mamalakis wrote: [stuff snipped] >> >> SUCCESS! >> >> So, this fix obviates THAT reason for installing the Heimdal port. If >> George meets with similar success adding -lgssapi_spnego for his spnego >> problem, I suggest that both libraries be added to the list in line 96 >> of /usr/bin/krb5-config prior to release of FreeBSD 8.0. >> >> It doesn't look like this fix is as simple as submitting a patch to >> krb5-config. It looks like magic needs to happen somewhere in the base >> kerberos build system. >> >> I notice that the Heimdal port doesn't build the separate libraries and >> everything seems to be included in libgssapi (which explains why sasl2 >> "works" when linked against the Heimdal port). >> >> > Guys, > > I changed my /usr/bin/krb5-config's line 96 to include -lgssapi_spnego and > -lgssapi_krb5, and ever since both client and server work correctly!! Of > course I get some other error, but at least this must be a configuration > error :). > > So, to sum up: > > Still running on fbsd.8-BETA4, changed krb5-config to include the missing > libraries, recompiled cyrus-sasl-2.1.23 after I changed the krb5-config, > restarted openldap-sasl-server-2.4.18_1 and after performing an ldapsearch, > the client does not complain (and exits) about missing libraries, NOR does > the server crash on sasl authentication. > > Great job guys, thank you all very very much for your help! I posted my query > on the 17th of Sep. and in four days (weekend inclusive!) someone came up > with an answer that resolves my issue! Great job, once more, and thank you > all again! > Now, hopefully someone who understands enough about dynamic linking will know if this is the correct fix for 8.0? (I'm going on a couple of weeks vacation at the end of this week, so I won't be around to commit anything and don't understand it well enough to know if this is the correct way to fix it.) So, hopefully someone else can pick this one up? Thanks for testing it, rick