From owner-freebsd-current@FreeBSD.ORG  Fri Jan 23 18:05:57 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CD38C1065670
	for <current@freebsd.org>; Fri, 23 Jan 2009 18:05:57 +0000 (UTC)
	(envelope-from Hartmut.Brandt@dlr.de)
Received: from smtp-3.dlr.de (smtp-3.dlr.de [195.37.61.187])
	by mx1.freebsd.org (Postfix) with ESMTP id 60E3B8FC0A
	for <current@freebsd.org>; Fri, 23 Jan 2009 18:05:57 +0000 (UTC)
	(envelope-from Hartmut.Brandt@dlr.de)
Received: from knopdnsimu13l.kn.op.dlr.de ([129.247.178.118]) by smtp-3.dlr.de
	over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); 
	Fri, 23 Jan 2009 19:05:55 +0100
Date: Fri, 23 Jan 2009 19:02:07 +0100 (CET)
From: Harti Brandt <hartmut.brandt@dlr.de>
X-X-Sender: brandt_h@knopdnsimu13l.kn.op.dlr.de
To: harti@freebsd.org
In-Reply-To: <E2F5A6372272F744859F67CB11ABC1110507D4@exbe05.intra.dlr.de>
Message-ID: <alpine.BSF.1.10.0901231858510.1173@knopdnsimu13l.kn.op.dlr.de>
References: <E2F5A6372272F744859F67CB11ABC1110507D4@exbe05.intra.dlr.de>
User-Agent: Alpine 1.10 (BSF 962 2008-03-14)
X-OpenPGP-Key: harti@freebsd.org
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED;
	BOUNDARY="3030779680-1567109463-1232733730=:1173"
X-OriginalArrivalTime: 23 Jan 2009 18:05:55.0283 (UTC)
	FILETIME=[3C50F230:01C97D85]
Cc: current@freebsd.org
Subject: Re: problem with nss_ldap
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Harti Brandt <harti@freebsd.org>
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Jan 2009 18:05:58 -0000

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--3030779680-1567109463-1232733730=:1173
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 8BIT

On Sun, 18 Jan 2009, Hartmut.Brandt@dlr.de wrote:

> Hi,
>
> for a year or so I had nss_ldap connected to an active directory (with openldap23-sasl-client) on a year-old current. Yesterday I've rebuilt everything and I started to get 'undefined symbols' (for example gss_equal_oid) when running any program needing pw or group entries. After some poking around I fixed these by adding -lgssapi to the Makefiles for libgssapi_krb5.so and libgssap_spnego.so. Now getent, local login and everything works fine, except cron and sshd.
>
> Both create entries in /var/log/messages like:
>
> Jan 18 20:00:02 knopdnsimu13f cron[1495]: GSSAPI Error:  Miscellaneous failure (see text)???????????????ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
 ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
> Jan 18 20:00:02 knopdnsimu13f kernel: ZZZZZZZZZZZZZZZZ
>
> I've tried to figure out in which of the dozens of layered libraries (gss, sasl, ssl, ......) this error is generated but did not find anything.
>
> This is on amd64, krb5 enabled in pam, gssapi disabled in sshd_config (as I said, this worked before).

So to answer my own mail: I made a link from the kerberos ticket file 
which contains the host ticket (and is specified in nss_ldap.conf) to 
/tmp/krb5cc_0. I've no idea why this is suddenly necessary, though.

harti

>
> Any ideas?
> harti
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>
>
--3030779680-1567109463-1232733730=:1173--