From: "Reko Turja"
To: "Jeremy Chadwick"
Cc: "Mikhail T.", freebsd-stable@freebsd.org, Henrik /KaarPoSoft
Date: Fri, 16 Jul 2010 14:33:17 +0300
Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stablei386

>> Thanks. Most of this worked, except the following:

[SNIP]

>> Which worked. I hope this was the right thing to do.

My bad there, I was slightly pressed for time and did not check if default Cyrus documentation was sane in FreeBSD context - what you did was quite correct.

>> However, upon startup, I now see the following in all.log:

[SNIP]

>> I'm not sure if this feature is needed for reproducing the crash, so I
>> modified cyrus.conf and commented the line out, then restarted imapd,
>> which got me:

Yep, idled can be disabled as far as I'm aware, so nothing drastic there either.

>> Then for the final test:
>>
>> testbox# cyradm
>> cyradm> quit
>> testbox# cyradm localhost
>> Password:
>>
>> Where I hit enter/blank, which got me:
>>
>> Login disabled.
>> cyradm: cannot authenticate to server with as root
>> testbox#
>>
>> And no sign of a crash.
>>
>> So what's next?
>
> I forgot to check all.log. It contains errors. Hopefully someone will
> know what to do about this:
>
> Jul 16 04:03:50 testbox imap[1619]: executed
> Jul 16 04:03:50 testbox imap[1619]: accepted connection
> Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jul 16 04:03:50 testbox perl: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
> Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox perl: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
> Jul 16 04:03:50 testbox perl: DIGEST-MD5 client step 2
> Jul 16 04:04:00 testbox imap[1619]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-17): One time use of a plaintext password will enable requested mechanism for user: no secret in database]
> Jul 16 04:04:03 testbox perl: NTLM client step 1
> Jul 16 04:04:03 testbox imap[1619]: NTLM server step 1
> Jul 16 04:04:03 testbox imap[1619]: client flags: 207
> Jul 16 04:04:03 testbox perl: NTLM client step 2
> Jul 16 04:04:03 testbox perl: No worthy mechs found
> Jul 16 04:04:03 testbox kernel: Jul 16 04:04:03 testbox perl: No worthy mechs found

You can move the surplus mechs (libopie*, libntlm*) from /usr/local/lib/sasl2 to, for example, /usr/local/lib/sasl2/disabled.

Check that you have the following in /etc/rc.conf and restart saslauthd afterwards:

saslauthd_enable="YES"
saslauthd_flags="-a pam"

-Reko
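
The cleanup described in the reply above, as an added shell example that is not part of the original message: it moves the OTP and NTLM plugins out of the SASL plugin directory and verifies the two rc.conf settings. The function names and the `--apply` switch are hypothetical; the paths and values are the ones given in the message.

```sh
#!/bin/sh
# Added example, not from the original message. Function names are
# hypothetical; the paths and rc.conf values are the ones the reply gives.

# Move the OTP (libopie*) and NTLM (libntlm*) plugins into DIR/disabled so
# the SASL library no longer loads them. Safe to run more than once.
disable_surplus_mechs() {
    dir="$1"
    mkdir -p "$dir/disabled" || return 1
    for f in "$dir"/libopie* "$dir"/libntlm*; do
        # A glob with no match stays literal: skip it.
        [ -e "$f" ] || [ -L "$f" ] || continue
        mv -- "$f" "$dir/disabled/" || return 1
        echo "disabled: ${f##*/}"
    done
    return 0
}

# Source FILE in a subshell, the way rc(8) reads rc.conf, so that a later
# assignment overriding an earlier one is honoured. Returns 0 only when
# saslauthd is enabled and its flags are exactly "-a pam".
check_saslauthd_rc() {
    (
        [ -r "$1" ] || { echo "cannot read $1" >&2; exit 1; }
        saslauthd_enable= saslauthd_flags=
        . "$1" || exit 1
        case "$saslauthd_enable" in
            [Yy][Ee][Ss]) ;;
            *) echo "saslauthd_enable is not YES" >&2; exit 1 ;;
        esac
        [ "$saslauthd_flags" = "-a pam" ] ||
            { echo "saslauthd_flags is not \"-a pam\"" >&2; exit 1; }
    )
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--apply" ]; then
    disable_surplus_mechs /usr/local/lib/sasl2 &&
        check_saslauthd_rc /etc/rc.conf &&
        echo "now restart saslauthd"
fi
```

Without `--apply` the script only defines the two functions; other plugins in the directory are left in place.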