From: "Reko Turja"
To: "Benjamin Lee"
Cc: "Mikhail T.", Jeremy Chadwick, freebsd-stable@freebsd.org, Joerg Pulz, Henrik /KaarPoSoft
Date: Sun, 18 Jul 2010 16:52:21 +0300
Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stablei386

After manually changing the gssapi header used in /usr/src/include/rpc/rpcsec_gss.h to the somewhat klunky "#include "/usr/src/crypto/heimdal/lib/gssapi/gssapi/gssapi.h"", the system csupped yesterday built okay, and after rebuilding cyrus-sasl, saslauthd and cyrus I get the following failures in the log:

Jul 18 16:37:35 moria perl: GSSAPI Error: Miscellaneous failure (see text)^B (open(/tmp/krb5cc_0): No such file or directory)

-This is expected behaviour as Kerberos was not running at the moment, but with Benjamin's patch Kerberos/GSSAPI spat out a meaningful error message.

After dusting off my old Kerberos setup, doing a basic kinit and running cyradm localhost I got:

Jul 18 16:39:00 moria perl: GSSAPI Error: Miscellaneous failure (see text) (Server (imap/localhost@XXX.DOMAIN.COM) unknown)

-Again expected as there is no imap trust relationship defined.

So at least after cursory testing it looks like with Benjamin's patch there is a working GSSAPI/Kerberos backend available, instead of something that chokes on passed parameters that are ok for every other tested gssapi implementation.

Of course, more thorough testing in a proper kerberised/LDAP environment needs to be done, which is something I haven't got time for at the moment.

-Reko