Message-ID: <5451F865.4040004@gmail.com>
Date: Thu, 30 Oct 2014 09:35:49 +0100
From: Lévai László
To: freebsd-current@freebsd.org
Subject: Re: Heimdal with OpenLDAP backend: Cannot open /usr/lib/hdb_ldap.so
References: <20141030092039.47802349@prometheus>
In-Reply-To: <20141030092039.47802349@prometheus>
List-Id: Discussions about the use of FreeBSD-current

Hi,

try this:

[1] kill all kerberos processes
[2] to start the KDC: /usr/local/libexec/kdc --detach
[3] /usr/local/sbin/kadmin -l
    kadmin> list -l *

[...]
Principal: krbtgt/...
    Principal expires: never
    Password expires: never
    Last password change: never
    Max ticket life: unlimited
    Max renewable life: unlimited
    Kvno: 1
    Mkvno: unknown
    Last successful login: never
    Last failed login: never
    Failed login count: 0
    Last modified: 2014-10-28 11:44:00 UTC
    Modifier: unknown
    Attributes:
    Keytypes: aes256-cts-hmac-sha1-96(pw-salt), des3-cbc-sha1(pw-salt), arcfour-hmac-md5(pw-salt)
    PK-INIT ACL:
    Aliases:

Principal: kadmin/changepw@...
    Principal expires: never
    Password expires: never
    Last password change: never
    Max ticket life: 5 minutes
    Max renewable life: 5 minutes
    Kvno: 1
    Mkvno: unknown
    Last successful login: never
    Last failed login: never
    Failed login count: 0
    Last modified: 2014-10-28 11:44:00 UTC
    Modifier: unknown
    Attributes: pwchange-service, requires-pre-auth, disallow-proxiable, disallow-renewable, disallow-tgt-based, disallow-postdated
    Keytypes: aes256-cts-hmac-sha1-96(pw-salt), des3-cbc-sha1(pw-salt), arcfour-hmac-md5(pw-salt)
    PK-INIT ACL:
    Aliases:

Principal: kadmin/admin@...
    Principal expires: never
    Password expires: never
    Last password change: never
    Max ticket life: 1 hour
    Max renewable life: 1 hour
    Kvno: 1
    Mkvno: unknown
    Last successful login: never
    Last failed login: never
    Failed login count: 0
    Last modified: 2014-10-28 11:44:00 UTC
    Modifier: unknown
    Attributes: requires-pre-auth
    Keytypes: aes256-cts-hmac-sha1-96(pw-salt), des3-cbc-sha1(pw-salt), arcfour-hmac-md5(pw-salt)
    PK-INIT ACL:
    Aliases:

Principal: changepw/kerberos@...
    Principal expires: never
    Password expires: never
    Last password change: never
    Max ticket life: 1 hour
    Max renewable life: 1 hour
    Kvno: 1
    Mkvno: unknown
    Last successful login: never
    Last failed login: never
    Failed login count: 0
    Last modified: 2014-10-28 11:44:01 UTC
    Modifier: unknown
    Attributes: pwchange-service, disallow-tgt-based
    Keytypes: aes256-cts-hmac-sha1-96(pw-salt), des3-cbc-sha1(pw-salt), arcfour-hmac-md5(pw-salt)
    PK-INIT ACL:
    Aliases:

Principal: kadmin/hprop@...
    Principal expires: never
    Password expires: never
    Last password change: never
    Max ticket life: 1 hour
    Max renewable life: 1 hour
    Kvno: 1
    Mkvno: unknown
    Last successful login: never
    Last failed login: never
    Failed login count: 0
    Last modified: 2014-10-28 11:44:01 UTC
    Modifier: unknown
    Attributes: requires-pre-auth, disallow-tgt-based
    Keytypes: aes256-cts-hmac-sha1-96(pw-salt), des3-cbc-sha1(pw-salt), arcfour-hmac-md5(pw-salt)
    PK-INIT ACL:
    Aliases:

Principal: WELLKNOWN/ANONYMOUS@...
    Principal expires: never
    Password expires: never
    Last password change: never
    Max ticket life: 1 hour
    Max renewable life: 1 hour
    Kvno: 1
    Mkvno: unknown
    Last successful login: never
    Last failed login: never
    Failed login count: 0
    Last modified: 2014-10-28 11:44:01 UTC
    Modifier: unknown
    Attributes: requires-pre-auth
    Keytypes: aes256-cts-hmac-sha1-96(pw-salt), des3-cbc-sha1(pw-salt), arcfour-hmac-md5(pw-salt)
    PK-INIT ACL:
    Aliases:

Principal: default@...
    Principal expires: never
    Password expires: never
    Last password change: never
    Max ticket life: 1 day
    Max renewable life: 1 week
    Kvno: 1
    Mkvno: unknown
    Last successful login: never
    Last failed login: never
    Failed login count: 0
    Last modified: 2014-10-28 11:44:01 UTC
    Modifier: unknown
    Attributes: disallow-all-tix
    Keytypes: aes256-cts-hmac-sha1-96(pw-salt), des3-cbc-sha1(pw-salt), arcfour-hmac-md5(pw-salt)
    PK-INIT ACL:
    Aliases:
[...]

On 2014-10-30 09:20, O. Hartmann wrote:
> On CURRENT (FreeBSD 11.0-CURRENT #0 r273810: Wed Oct 29 07:52:22 CET 2014 amd64)
> a running net/openldap24-sasl-server system is installed and running and is now
> about to be the database backend for Kerberos/Heimdal. net/openldap24-sasl-server
> is at openldap-sasl-server-2.4.40.
>
> The database storage scheme of the LDAP backend is MDB, as it is highly
> recommended by the vendors of OpenLDAP.
>
> Searching for suitable manuals, I found some HowTos describing how to set up
> MIT Kerberos V with an OpenLDAP backend and I started following the
> instructions there. Despite the fact that http://www.h5l.org/manual is dead(!)
> and no useful documentation or any kind of a hint where to find useful
> documentation for Heimdal can be found, many of the MIT Kerberos V setup
> instructions seem to be a dead end when using Heimdal on FreeBSD. Most of the
> links on that heimdal site end up in ERROR 404!
>
> Well, I think my objective isn't that exotic in a more advanced server
> environment and I think since FreeBSD is supposed to be used in advanced
> server environments this task should be well known - but little
> information/documentation is available.
>
> Nevertheless, I use the base system's heimdal implementation and I run into a
> very frustrating error when trying to run "kadmin -l":
>
> kadmin: error trying to load dynamic module /usr/lib/hdb_ldap.so: Cannot open "/usr/lib/hdb_ldap.so"
>
> The setup for the stanza [kdc] is
>
> [...]
> [kdc]
>     database = {
>         dbname=ldap:ou=kerberos,dc=server,dc=gdr
>         #hdb-ldap-structural-object = inetOrgPerson
>         mkey_file = /var/heimdal/m-key
>         acl_file = /var/heimdal/kadmind.acl
>     }
>
> instructions taken from http://www.padl.com/Research/Heimdal.html.
>
> Well, it seems that FreeBSD ships with a crippled heimdal implementation.
> Where is /usr/lib/hdb_ldap.so?
>
> I'm toying around with this issue for several days now and it gets more and
> more frustrating, also with the perspective of having no running samba 4.1
> server for the windows domain.
>
> Can someone give me a hint where to find suitable FreeBSD docs for a task like
> this? I guess since FreeBSD is considered a server OS more than a desktop/toy
> OS, there must be a solution for this. FreeBSD ships with heimdal in the base,
> but it seems this heimdal is broken.
>
> P.S. Please CC me.

-- 
Sincerely,
Lévai László
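Added example, not from either poster: a small sh diagnostic for the failure discussed in the thread. It reads the dbname from the [kdc] database stanza the way the quoted krb5.conf states it, reports which HDB backend scheme that selects, and checks whether an hdb_ldap.so module exists in /usr/lib (where the base-system kadmin looked) or /usr/local/lib (assumed libdir of the port Heimdal whose kdc and kadmin the reply points at). The sample config and the library paths are assumptions.

```shell
# Added diagnostic for the "Cannot open /usr/lib/hdb_ldap.so" error: read the
# [kdc] dbname from a krb5.conf and check for an hdb_ldap.so module.
# Library paths and the sample config are assumptions, not from the thread.

# Print the backend scheme of the first dbname= in CONF: "ldap" for
# ldap:..., "file" for a bare path; print "none" and fail if absent.
hdb_scheme() {
    dbname=$(sed -n 's/^[[:space:]]*dbname[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$dbname" ] || { echo none; return 1; }
    case $dbname in
        *:*) echo "${dbname%%:*}" ;;   # ldap:ou=kerberos,... -> ldap
        *)   echo file ;;              # plain path -> default file backend
    esac
}
# Print the first DIR/hdb_ldap.so that exists among the given DIRs; fail if none.
find_hdb_ldap() {
    for dir in "$@"; do
        [ -f "$dir/hdb_ldap.so" ] && { echo "$dir/hdb_ldap.so"; return 0; }
    done
    return 1
}
# Write a constructed krb5.conf mirroring the stanza quoted in the thread.
make_sample_conf() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
[kdc]
	database = {
		dbname=ldap:ou=kerberos,dc=server,dc=gdr
		mkey_file = /var/heimdal/m-key
		acl_file = /var/heimdal/kadmind.acl
	}
EOF
    echo "$tmp"
}

main() {
    conf=$(make_sample_conf)
    scheme=$(hdb_scheme "$conf")
    echo "HDB backend scheme: $scheme"
    # /usr/lib is where the base Heimdal looked; /usr/local/lib is the assumed
    # libdir of the port whose kdc/kadmin the reply points at.
    if [ "$scheme" = ldap ] && mod=$(find_hdb_ldap /usr/lib /usr/local/lib); then
        echo "LDAP HDB module: $mod; use the kdc/kadmin that ship with it"
    elif [ "$scheme" = ldap ]; then
        echo "no hdb_ldap.so found: this Heimdal has no LDAP backend built in"
    fi
    rm -f "$conf"
}
main "$@"
```

Point hdb_scheme at the real /etc/krb5.conf and adjust the directory list to the installed Heimdal's libdir to run it against a live system.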