Date:      Fri, 16 Jul 2010 14:33:17 +0300
From:      "Reko Turja" <reko.turja@liukuma.net>
To:        "Jeremy Chadwick" <freebsd@jdc.parodius.com>
Cc:        "Mikhail T." <mi+thun@aldan.algebra.com>, freebsd-stable@freebsd.org, Henrik /KaarPoSoft <henrik@kaarposoft.dk>
Subject:   Re: openldap client GSSAPI authentication segfaults in fbsd8stablei386
Message-ID:  <7AD0E8F6044245DEA6C218A28F08FB99@rivendell>
In-Reply-To: <20100716111000.GA2501@icarus.home.lan>
References:  <4C3CC831.7040005@kaarposoft.dk> <20100713210729.GA11943@icarus.home.lan> <0228E401B70A4023A6F86A2ADAE59EF9@rivendell> <008D0251AE4F4A2DBAA1369410565B61@rivendell> <20100715162251.GA73929@icarus.home.lan> <20100716083617.GA97981@icarus.home.lan> <3FE6787E5CAC4C108C031CA6C8044FE4@rivendell> <20100716092512.GA99365@icarus.home.lan> <EF24D143F0AF49AD9B27F838AFA0A6F4@rivendell> <20100716110427.GA1939@icarus.home.lan> <20100716111000.GA2501@icarus.home.lan>

>> Thanks.  Most of this worked, except the following:
[SNIP]
>> Which worked.  I hope this was the right thing to do.

My bad there, I was slightly pressed for time and did not check if
default cyrus documentation was sane in freebsd context - what you did
was quite correct.

>> However, upon startup, I now see the following in all.log:
[SNIP]
>> I'm not sure if this feature is needed for reproducing the crash, so I
>> modified cyrus.conf and commented the line out, then restarted imapd,
>> which got me:

Yep, idled can be disabled as far as I'm aware, so nothing drastic
there either.

>> Then for the final test:
>>
>> testbox# cyradm
>> cyradm> quit
>> testbox# cyradm localhost
>> Password:
>>
>> Where I hit enter/blank, which got me:
>>
>> Login disabled.
>> cyradm: cannot authenticate to server with  as root
>> testbox#
>>
>> And no sign of a crash.
>>
>> So what's next?
>
> I forgot to check all.log.  It contains errors.  Hopefully someone will
> know what to do about this:
>
> Jul 16 04:03:50 testbox imap[1619]: executed
> Jul 16 04:03:50 testbox imap[1619]: accepted connection
> Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jul 16 04:03:50 testbox perl: GSSAPI Error:  Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
> Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox perl: GSSAPI Error:  Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
> Jul 16 04:03:50 testbox perl: DIGEST-MD5 client step 2
> Jul 16 04:04:00 testbox imap[1619]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-17): One time use of a plaintext password will enable requested mechanism for user: no secret in database]
> Jul 16 04:04:03 testbox perl: NTLM client step 1
> Jul 16 04:04:03 testbox imap[1619]: NTLM server step 1
> Jul 16 04:04:03 testbox imap[1619]: client flags: 207
> Jul 16 04:04:03 testbox perl: NTLM client step 2
> Jul 16 04:04:03 testbox perl: No worthy mechs found
> Jul 16 04:04:03 testbox kernel: Jul 16 04:04:03 testbox perl: No worthy mechs found

You can move the surplus mechs (libopie*, libntlm*) from
/usr/local/lib/sasl2 to, for example, /usr/local/lib/sasl2/disabled.

Check that you have the following in /etc/rc.conf and restart
saslauthd afterwards:

saslauthd_enable="YES"
saslauthd_flags="-a pam"

-Reko