Date: Wed, 14 Jul 2010 21:57:21 +0200 From: Henrik /KaarPoSoft <henrik@kaarposoft.dk> To: Joerg Pulz <Joerg.Pulz@frm2.tum.de>, freebsd-stable@freebsd.org Cc: mamalos@eng.auth.gr Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stable i386 Message-ID: <4C3E16A1.8070909@kaarposoft.dk> In-Reply-To: <alpine.BSF.2.00.1007141528530.27416@unqrf.nqzva.sez2> References: <4C3CC831.7040005@kaarposoft.dk> <alpine.BSF.2.00.1007141528530.27416@unqrf.nqzva.sez2>
next in thread | previous in thread | raw e-mail | index | archive | help
Joerg Pulz wrote:
> On Tue, 13 Jul 2010, Henrik /KaarPoSoft wrote:
>
>> Dear All,
>>
>> I have a problem: ldapsearch results in "Segmentation fault" under
>> openldap-2.4.23 with cyrus-sasl-2.1.23.
>>
>> [...]
>
> Dear Henrik,
>
> just a guess from my side.
>
> You said, that you installed and configured Kerberos from packages (i
> guess from ports or a prebuilt package).
> Did you by any chance set HEIMDAL_HOME=/usr before building and
> installing the kerberos port?
>
> Did you set HEIMDAL_HOME to point to the place where the package/port
> got installed (e.g. HEIMDAL_HOME=/usr/local) before building the
> cyrus-sasl2 port?
>
> Did you set HEIMDAL_HOME to anything at all? Please take a look at
> ${PORTSDIR}/security/cyrus-sasl2/Makefile to see the logic behind the
> kerberos selection.
>
> The valgrind and gdb output above shows that /usr/lib/libgssapi.so.10
> is used at runtime which comes out of the FreeBSD base system not out
> of your installed kerberos port/package. Maybe there is something
> messed up that kerberos from ports/package was used during build of
> cyrus-sasl2 but the base kerberos libs are used at runtime or vice versa.
>
> In any case, this is just one thing i would double check before deeper
> debugging.
Joerg, thank you very much for your input - most appreciated!
I simply installed heimdal with
pkg_add -r heimdal
I did not set HEIMDAL_HOME at any point.
"env" shows that HEIMDAL_HOME is not set.
So according to /usr/ports/security/cyrus-sasl2/Makefile I guess we
would have CONFIGURE_ARGS+=--enable-gssapi but no --with-gss_impl=heimdal
To be on the safe side, I tried
cd /usr/ports/security/cyrus-sasl2/
make clean
export HEIMDAL_HOME=/usr
make
(during make I noticed a few cc ... -DKRB5_HEIMDAL ...)
ldapsarch still coredumps with gss_init_sec_context () from
/usr/lib/libgssapi.so.10
I noticed that I have libgssapi's - no clue why:
srv02# ls /usr/lib/libgss*
/usr/lib/libgssapi.a /usr/lib/libgssapi_krb5.a
/usr/lib/libgssapi_krb5_p.a /usr/lib/libgssapi_ntlm.so.10
/usr/lib/libgssapi_spnego.a /usr/lib/libgssapi_spnego_p.a
/usr/lib/libgssapi.so /usr/lib/libgssapi_krb5.so
/usr/lib/libgssapi_ntlm.a /usr/lib/libgssapi_ntlm_p.a
/usr/lib/libgssapi_spnego.so
/usr/lib/libgssapi.so.10 /usr/lib/libgssapi_krb5.so.10
/usr/lib/libgssapi_ntlm.so /usr/lib/libgssapi_p.a
/usr/lib/libgssapi_spnego.so.10
srv02# ls /usr/local/lib/libgss*
/usr/local/lib/libgssapi.a /usr/local/lib/libgssapi.la
/usr/local/lib/libgssapi.so /usr/local/lib/libgssapi.so.2
Next I tried pkg_delete heimdal-1.0.1_1
and then
srv02# ls /usr/local/bin/k*
ls: No match.
srv02# ls /usr/bin/k*
/usr/bin/kadmin /usr/bin/kdump /usr/bin/keylogout /usr/bin/killall
/usr/bin/klist /usr/bin/krb5-config /usr/bin/ktrace
/usr/bin/kdestroy /usr/bin/keylogin /usr/bin/kgdb /usr/bin/kinit
/usr/bin/kpasswd /usr/bin/ksu /usr/bin/ktrdump
srv02# ls /usr/lib/libgss*
/usr/lib/libgssapi.a /usr/lib/libgssapi_krb5.a
/usr/lib/libgssapi_krb5_p.a /usr/lib/libgssapi_ntlm.so.10
/usr/lib/libgssapi_spnego.a /usr/lib/libgssapi_spnego_p.a
/usr/lib/libgssapi.so /usr/lib/libgssapi_krb5.so
/usr/lib/libgssapi_ntlm.a /usr/lib/libgssapi_ntlm_p.a
/usr/lib/libgssapi_spnego.so
/usr/lib/libgssapi.so.10 /usr/lib/libgssapi_krb5.so.10
/usr/lib/libgssapi_ntlm.so /usr/lib/libgssapi_p.a
/usr/lib/libgssapi_spnego.so.10
srv02# ls /usr/local/lib/libgss*
ls: No match.
so it would seem that the /usr/local heimdal is now gone, but some
heimdal is still left in /usr ?
looking at a different partition with a vanilla FreeBSD install I find
the same files in /usr/lib and /usr/bin.
maybe I did not have to install kerberos package at all ?
I will play a bit more with this, but any more input would still be
appreciated...
/Henrik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C3E16A1.8070909>