From owner-freebsd-stable@FreeBSD.ORG Sun Jul 18 18:22:55 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7F34D1065670 for ; Sun, 18 Jul 2010 18:22:55 +0000 (UTC) (envelope-from ben@b1c1l1.com) Received: from lancer.b1c1l1.com (unknown [IPv6:2607:f358:1a:1a:1000::]) by mx1.freebsd.org (Postfix) with ESMTP id 5E3288FC16 for ; Sun, 18 Jul 2010 18:22:55 +0000 (UTC) Received: from nsx.b1c1l1.com (nsx.b1c1l1.com [IPv6:2001:470:83fb:0:250:8dff:fe9a:f666]) by lancer.b1c1l1.com (Postfix) with ESMTPSA id CFAC45C29; Sun, 18 Jul 2010 11:22:54 -0700 (PDT) Message-ID: <4C434678.70502@b1c1l1.com> Date: Sun, 18 Jul 2010 11:22:48 -0700 From: Benjamin Lee User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.4) Gecko/20100628 Thunderbird/3.1 MIME-Version: 1.0 To: Reko Turja References: <20100716110427.GA1939@icarus.home.lan> <20100716111000.GA2501@icarus.home.lan> <7AD0E8F6044245DEA6C218A28F08FB99@rivendell> <20100716122446.GA3241@icarus.home.lan> <20100716135102.GA5625@icarus.home.lan> <20100717134149.GA40907@icarus.home.lan> <677C8B72CF414265A0819E4824212BB5@rivendell> <20100717144120.GA42230@icarus.home.lan> <4C41F34E.2030309@b1c1l1.com> In-Reply-To: X-Enigmail-Version: 1.1.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig2F263705D7AAF47C64C47EBB" Cc: "Mikhail T." , Jeremy Chadwick , freebsd-stable@freebsd.org, Joerg Pulz , Henrik /KaarPoSoft Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stablei386 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jul 2010 18:22:55 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig2F263705D7AAF47C64C47EBB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 07/18/2010 06:52 AM, Reko Turja wrote: > After manually changing the gssapi header used in > /usr/src/include/rpc/rpcsec_gss.h to somewhat klunky "#include > "/usr/src/crypto/heimdal/lib/gssapi/gssapi/gssapi.h"" system csupped > yesterday built okay and after rebuilding cyrus-sasl, saslauthd and > cyrus I get the following failures in log: >=20 > Jul 18 16:37:35 moria perl: GSSAPI Error: Miscellaneous failure (see > text)^B (open(/tmp/krb5cc_0): No such file or directory) >=20 > -This is expected behaviour as Kerberos was not running at the moment, > but with Benjamin's patch Kerberos/GSSAPI spat out a meaningful error > message >=20 > After dusting off my old Kerberos setup, doing basic kinit and running > cyradm localhost I got: >=20 > Jul 18 16:39:00 moria perl: GSSAPI Error: Miscellaneous failure (see > text) (Server (imap/localhost@XXX.DOMAIN.COM) unknown) >=20 > -Again expected as there is no imap trust relationship defined. >=20 > So at least after cursory testing it looks like that with Benjamin's > patch there is a working GSSAPI/Kerberos backend available, instead of > something that chokes on passed parameters that are ok for every other > tested gssapi implementation. >=20 > Of course, more thorough testing in proper kerberised/LDAP environment > needs to be done, which is something I haven't got time at the moment. Thanks for your testing! Based on the lack of attention my PR has received it seems that not many people have noticed the regression in libgssapi, even though the breaking commit happened in -CURRENT way back in 2008. When you get a chance, please append your test results to PR kern/147454. That may be helpful in attracting some more attention to this issue. --=20 Benjamin Lee http://www.b1c1l1.com/ --------------enig2F263705D7AAF47C64C47EBB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJMQ0Z+AAoJEHBW16CPoSMCmYoQAIx3ODepz1ZyuX94pnxmhZrB 079cN6tp4BWdpSZOwuwc8FzelYUlTdOFd2kLLu6WycZ7w0rQhaVdylrDdKWDUvf/ mjtHDghrMP3b+a8tXrG+twP9UTdboibNzsr9ccZLykB8jSPo7RIYyXy1I5ee5XLk 56ln2yaH9cwMZn7S9RSpmFCGM2j+lx6PhNlDj9xxyUFG9mmwUd2Qz6x16DrMSAwX mnY81K6ywmmqSH03HniYOGBLKzL1yBIWwFmRnoHA5+cysukjMKAiRm64IqKiGMvo MhjKqM8ebFRXI8wWY1KKiltoayKN+/4hGbmuGAxXTVVfy9RsglmiGNV2ATYcX//Q R1LUIKcHqvu7YtSva2bSAzarljnVAH90GgpFtC2S7pjCtuNvQpExm23KOy9PBD+3 L6cE6nIZbWKmxs4Ou6QWLJwfXBPPeJeBDIsWRPqS1h8onfjY9RJ6ug4P7JHY2yxR SGdK/ajZkskOPjIkDsMCGpl+J5frbKJTLFSuHFL1snoSbx3pOP2y56WE46KN3mLh xm7QXAbhpopUsvebhU1vPs4dlvLpqg7pRg892C3LLdu0YJHqpCFRwT5asdavNwTd AWLAFKlFi5bNun7PHfnjsYNlXc6bPY8TfCTVHWv6500lpuewHzFBVPaE+oBawO0h 7Y4I6CrsT/lOfYkM+qZw =5vu0 -----END PGP SIGNATURE----- --------------enig2F263705D7AAF47C64C47EBB--