From owner-freebsd-questions@FreeBSD.ORG Fri Nov 12 18:19:15 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B375D1065674 for ; Fri, 12 Nov 2010 18:19:15 +0000 (UTC) (envelope-from elon@emmi.physik-pool.tu-berlin.de) Received: from emmi.physik-pool.tu-berlin.de (emmi.physik-pool.tu-berlin.de [130.149.58.146]) by mx1.freebsd.org (Postfix) with ESMTP id 3CEA98FC29 for ; Fri, 12 Nov 2010 18:19:14 +0000 (UTC) Received: from emmi.physik-pool.tu-berlin.de (localhost.physik-pool.tu-berlin.de [127.0.0.1]) by emmi.physik-pool.tu-berlin.de (8.14.4/8.14.4) with ESMTP id oACIJD28099532; Fri, 12 Nov 2010 19:19:13 +0100 (CET) (envelope-from elon@emmi.physik-pool.tu-berlin.de) Received: (from elon@localhost) by emmi.physik-pool.tu-berlin.de (8.14.4/8.14.4/Submit) id oACIJC6s099531; Fri, 12 Nov 2010 19:19:12 +0100 (CET) (envelope-from elon) Date: Fri, 12 Nov 2010 19:19:12 +0100 From: Leon =?iso-8859-15?Q?Me=DFner?= To: Joerg Pulz Message-ID: <20101112181912.GD8921@emmi.physik-pool.tu-berlin.de> References: <20101110170053.GE95441@emmi.physik-pool.tu-berlin.de> <20101112163630.GB8921@emmi.physik-pool.tu-berlin.de> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Leon =?iso-8859-15?Q?Me=DFner?= , freebsd-questions@freebsd.org Subject: Re: How do we like our base kerberos? Will it flee soon? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Nov 2010 18:19:15 -0000 On Fri, Nov 12, 2010 at 06:03:33PM +0100, Joerg Pulz wrote: > On Fri, 12 Nov 2010, Leon Meßner wrote: > > > On Thu, Nov 11, 2010 at 04:22:57PM +0100, Joerg Pulz wrote: > >> On Wed, 10 Nov 2010, Leon Meßner wrote: > > Did exactly as told and everything worked fine. Im currently in the > > process of rebuilding gssapi dependent software. Will tell if it fixed > > my issue. > > Hi, > > good to hear that everything went fine for you. > If you're using 8.x you should remove some of the leftover kerberos/gssapi > libraries by yourself as the ObsoleteFiles list is still incomplete in > 8.x and 'make delete-old delete-old-libs' will not remove everything. > E.g. > in /usr/lib and /usr/lib32 > libasn1* libgssapi* libhdb* libheimntlm* libhx509* > libkadm5* libkafs5* libkrb5* > in /usr/libexec > kcm It looks like i do also still have the old kerberos tools (kinit,kadmin etc.) in the base prefix and they do now segfault: /libexec/ld-elf.so.1: Shared object "libkafs5.so.10" not found, required by "kinit" # ls /usr/local/lib/libkafs* /usr/local/lib/libkafs.a /usr/local/lib/libkafs.la /usr/local/lib/libkafs.so /usr/local/lib/libkafs.so.5 > Btw. > If you're using security/cyrus-sasl2 with GSSAPI please take a look at > PR/152071. Using that. Patch applied and build cleanly. saslauthd starts as expected. But i do have some problems now getting tickets. This machine is a kerberos slave. if i start ipropd-slave with local kdc running i get: krb5_get_init_creds: Client (iprop/lise.physik-pool.tu-berlin.de@PCPOOL.PHYSIK.TU-BERLIN.DE) unknown when local kdc is not running authentication works but i get: ipropd-slave[28610]: connection successful to master: marie.physik-pool.tu-berlin.de[130.149.58.147] ipropd-slave[28610]: ipropd-slave started at version: 10166 ipropd-slave[28610]: db->open: dbm_open(/var/heimdal/heimdal): Inappropriate file type or format Which i can understand because the db is at /var/heimdal/heimdal.db which in turn is correctly specified in /etc/krb5.conf. Are there any config syntax changes between 0.6.3 and 1.4, so i have to modify my krb5.conf ? Thanks, Leon