From owner-freebsd-stable@FreeBSD.ORG Wed Jul 14 08:42:37 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3E89D106567A for ; Wed, 14 Jul 2010 08:42:37 +0000 (UTC) (envelope-from reko.turja@liukuma.net) Received: from www.liukuma.net (www.liukuma.net [IPv6:2001:470:28:38a::1]) by mx1.freebsd.org (Postfix) with ESMTP id D23008FC1F for ; Wed, 14 Jul 2010 08:42:36 +0000 (UTC) Received: from www.liukuma.net (localhost [127.0.0.1]) by www.liukuma.net (Postfix) with ESMTP id AB1B21CC69; Wed, 14 Jul 2010 11:42:35 +0300 (EEST) X-DKIM: Sendmail DKIM Filter v2.8.3 www.liukuma.net AB1B21CC69 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=liukuma.net; s=liukudkim; t=1279096955; bh=G8/74z/ATjRDKdlFm7e6JkXRTo4SwhzqonYn19uu5Tw=; h=Message-ID:From:To:Cc:References:In-Reply-To:Subject:Date: MIME-Version:Content-Type:Content-Transfer-Encoding; b=tNs1C5PDu+UYvxB0npGdc7NUGGaEvalwU9kMYXeGCC347jtugs5H6ZIeSnmgI+x9R n86t9kQLm5ed/kML8fkQ2AJ1haVyvLF3zRywqmbKIZrUkj8jTYMxXV7bpQ/1G7RKFs VfPwJNE4PSrxjDDeXTzQIMj3m402/C+OxfWlqF5E= X-Virus-Scanned: amavisd-new at liukuma.net Received: from www.liukuma.net ([127.0.0.1]) by www.liukuma.net (www.liukuma.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 6V2IWLz1CjM0; Wed, 14 Jul 2010 11:42:32 +0300 (EEST) Received: from rivendell (a91-155-174-194.elisa-laajakaista.fi [91.155.174.194]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) (Authenticated sender: ignatz@www.liukuma.net) by www.liukuma.net (Postfix) with ESMTPSA id 540751CC67; Wed, 14 Jul 2010 11:42:32 +0300 (EEST) X-DKIM: Sendmail DKIM Filter v2.8.3 www.liukuma.net 540751CC67 Message-ID: <0228E401B70A4023A6F86A2ADAE59EF9@rivendell> From: "Reko Turja" To: "Jeremy Chadwick" , "Henrik /KaarPoSoft" References: <4C3CC831.7040005@kaarposoft.dk> <20100713210729.GA11943@icarus.home.lan> In-Reply-To: <20100713210729.GA11943@icarus.home.lan> Date: Wed, 14 Jul 2010 11:42:45 +0300 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal Importance: Normal X-Mailer: Microsoft Windows Live Mail 14.0.8089.726 X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8089.726 Cc: freebsd-stable@freebsd.org, mamalos@eng.auth.gr Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stable i386 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jul 2010 08:42:37 -0000 >> I have a problem: ldapsearch results in "Segmentation fault" under >> openldap-2.4.23 with cyrus-sasl-2.1.23 >> >> A thread for similar issues was started by George Mamalakis back in >> february: >> = http://lists.freebsd.org/pipermail/freebsd-stable/2010-February/055017.ht= ml >> but I find no solution / conclusion from this thread, hence I post=20 >> here... >> >> I have installed FreeBSD 8.0-RELEASE-p2 on i386, updated with >> freebsd-update, and ports updated with "portsnap fetch update". >> >> Kerberos installed from packages, configured, and seems to work OK. I had similar issue with 8-RELEASE and cyrus-sasl2 with=20 cyrus-saslauthd linked against system kerberos. (uname -a xxx.xxx.xxx 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #1: Sat=20 Jun 12 00:39:22 EEST 2010=20 root@xxx.xxx.xxx:/usr/obj/usr/src/sys/WWW i386) The problem manifested itself with pretty much the same backtrace when=20 using cyradm tool for administering cyrus mailboxes and due time=20 constraints I solved my issue by removing all the gssapi plugin libs=20 from /usr/local/lib/sasl2, so my solution isn't really applicable in=20 your case. my /etc/hosts file for the server in question contains only localhost=20 entry + entry for one IP so George's solution didnt help with my=20 problem. >> /var/log/messages has: >> slapd[1146]: OTP unavailable because can't read/write key database >> /etc/opiekeys: Permission denied >> kernel: pid 53862 (ldapsearch), uid 1001: exited on signal 11 (core=20 >> dumped) >> >> The first message is from the LDAP server. Even if it has some >> problem, it should not lead the client to segfault. > > I agree. > > If I was to build a test box from scratch, can you tell me how to=20 > set up > all the necessary software/etc. to mimic your environment so that I > could try to reproduce this? Reviewing the source isn't enough, I'd > have to actually build a debug version of libgssapi to track it=20 > down. > Alternatively I can try to step you through how to debug this using=20 > gdb, > but again, lack of debugging symbols makes this annoying. I'd say that based on present evidence there is something broken in=20 gssapi/sasl interaction, but due my need of getting the server=20 functional quickly I didn't dig much further in the issue myself,=20 although I really don't know how to enable generating debugging=20 symbols for ports either - Which was another reason for not digging=20 deeper in the problem. I wonder if using dovecot-sasl would work with ldap and if it has the=20 same issue as cyrus-sasl - athough it doesn't seem to be available as=20 separate port. -Reko=20