From owner-freebsd-stable@FreeBSD.ORG Wed Jul 14 08:57:08 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C555106566C for ; Wed, 14 Jul 2010 08:57:08 +0000 (UTC) (envelope-from mamalos@eng.auth.gr) Received: from vergina.eng.auth.gr (vergina.eng.auth.gr [155.207.18.1]) by mx1.freebsd.org (Postfix) with ESMTP id C3E9D8FC08 for ; Wed, 14 Jul 2010 08:57:07 +0000 (UTC) Received: from [155.207.33.29] (mamalacation.ee.auth.gr [155.207.33.29]) by vergina.eng.auth.gr (8.14.3/8.14.1) with ESMTP id o6E8v5tX073773 for ; Wed, 14 Jul 2010 11:57:06 +0300 (EEST) (envelope-from mamalos@eng.auth.gr) Message-ID: <4C3D7BD9.5020503@eng.auth.gr> Date: Wed, 14 Jul 2010 11:56:57 +0300 From: George Mamalakis User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.10) Gecko/20100512 Thunderbird/3.0.5 MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: <4C3CC831.7040005@kaarposoft.dk> <20100713210729.GA11943@icarus.home.lan> <0228E401B70A4023A6F86A2ADAE59EF9@rivendell> In-Reply-To: <0228E401B70A4023A6F86A2ADAE59EF9@rivendell> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stable i386 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jul 2010 08:57:08 -0000 On 14/7/2010 11:42 πμ, Reko Turja wrote: >>> I have a problem: ldapsearch results in "Segmentation fault" under >>> openldap-2.4.23 with cyrus-sasl-2.1.23 >>> >>> A thread for similar issues was started by George Mamalakis back in >>> february: >>> http://lists.freebsd.org/pipermail/freebsd-stable/2010-February/055017.html >>> >>> but I find no solution / conclusion from this thread, hence I post >>> here... >>> >>> I have installed FreeBSD 8.0-RELEASE-p2 on i386, updated with >>> freebsd-update, and ports updated with "portsnap fetch update". >>> >>> Kerberos installed from packages, configured, and seems to work OK. > > I had similar issue with 8-RELEASE and cyrus-sasl2 with > cyrus-saslauthd linked against system kerberos. > > (uname -a xxx.xxx.xxx 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #1: Sat > Jun 12 00:39:22 EEST 2010 root@xxx.xxx.xxx:/usr/obj/usr/src/sys/WWW i386) > > The problem manifested itself with pretty much the same backtrace when > using cyradm tool for administering cyrus mailboxes and due time > constraints I solved my issue by removing all the gssapi plugin libs > from /usr/local/lib/sasl2, so my solution isn't really applicable in > your case. > > my /etc/hosts file for the server in question contains only localhost > entry + entry for one IP so George's solution didnt help with my problem. > >>> /var/log/messages has: >>> slapd[1146]: OTP unavailable because can't read/write key database >>> /etc/opiekeys: Permission denied >>> kernel: pid 53862 (ldapsearch), uid 1001: exited on signal 11 (core >>> dumped) >>> >>> The first message is from the LDAP server. Even if it has some >>> problem, it should not lead the client to segfault. >> >> I agree. >> >> If I was to build a test box from scratch, can you tell me how to set up >> all the necessary software/etc. to mimic your environment so that I >> could try to reproduce this? Reviewing the source isn't enough, I'd >> have to actually build a debug version of libgssapi to track it down. > >> Alternatively I can try to step you through how to debug this using gdb, >> but again, lack of debugging symbols makes this annoying. > > I'd say that based on present evidence there is something broken in > gssapi/sasl interaction, but due my need of getting the server > functional quickly I didn't dig much further in the issue myself, > although I really don't know how to enable generating debugging > symbols for ports either - Which was another reason for not digging > deeper in the problem. > > I wonder if using dovecot-sasl would work with ldap and if it has the > same issue as cyrus-sasl - athough it doesn't seem to be available as > separate port. > > -Reko > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > Hello guys, I am glad that somebody brought this issue back, since despite my last email regarding the same issue on 25/02/2010 saying that there must be something wrong with the function gss_release_buffer(void *a, void *b), the issue got forgotten. The problem would not persist in amd64, so I stopped looking it further myself. Whoever wants to see more information on this issue, search the subject field of this list for: openldap client GSSAPI authentication segfaults in fbsd8stable i386 I hope that a remedy to this issue will be yielded this time. -- George Mamalakis IT Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379