From owner-freebsd-stable@FreeBSD.ORG  Sat Jul 17 14:41:24 2010
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1DC0D106566B
	for <freebsd-stable@freebsd.org>; Sat, 17 Jul 2010 14:41:24 +0000 (UTC)
	(envelope-from jdc@koitsu.dyndns.org)
Received: from qmta12.emeryville.ca.mail.comcast.net
	(qmta12.emeryville.ca.mail.comcast.net [76.96.27.227])
	by mx1.freebsd.org (Postfix) with ESMTP id F1B198FC12
	for <freebsd-stable@freebsd.org>; Sat, 17 Jul 2010 14:41:23 +0000 (UTC)
Received: from omta15.emeryville.ca.mail.comcast.net ([76.96.30.71])
	by qmta12.emeryville.ca.mail.comcast.net with comcast
	id j2al1e0041Y3wxoAC2hPTr; Sat, 17 Jul 2010 14:41:23 +0000
Received: from koitsu.dyndns.org ([98.248.41.155])
	by omta15.emeryville.ca.mail.comcast.net with comcast
	id j2hL1e0083LrwQ28b2hMLL; Sat, 17 Jul 2010 14:41:22 +0000
Received: by icarus.home.lan (Postfix, from userid 1000)
	id C5A7B9B425; Sat, 17 Jul 2010 07:41:20 -0700 (PDT)
Date: Sat, 17 Jul 2010 07:41:20 -0700
From: Jeremy Chadwick <freebsd@jdc.parodius.com>
To: Reko Turja <reko.turja@liukuma.net>
Message-ID: <20100717144120.GA42230@icarus.home.lan>
References: <EF24D143F0AF49AD9B27F838AFA0A6F4@rivendell>
	<20100716110427.GA1939@icarus.home.lan>
	<20100716111000.GA2501@icarus.home.lan>
	<7AD0E8F6044245DEA6C218A28F08FB99@rivendell>
	<20100716122446.GA3241@icarus.home.lan>
	<B06E2DF2032C480AA3094E2F561911AF@rivendell>
	<20100716135102.GA5625@icarus.home.lan>
	<alpine.BSF.2.00.1007170834400.32465@unqrf.nqzva.sez2>
	<20100717134149.GA40907@icarus.home.lan>
	<677C8B72CF414265A0819E4824212BB5@rivendell>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <677C8B72CF414265A0819E4824212BB5@rivendell>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: "Mikhail T." <mi+thun@aldan.algebra.com>, freebsd-stable@freebsd.org,
	Henrik /KaarPoSoft <henrik@kaarposoft.dk>,
	Joerg Pulz <Joerg.Pulz@frm2.tum.de>
Subject: Re: openldap client GSSAPI authentication segfaults in
 fbsd8stablei386
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Jul 2010 14:41:24 -0000

On Sat, Jul 17, 2010 at 05:00:15PM +0300, Reko Turja wrote:
> >I'll build an i386 version of my testbox and start the procedure
> >over
> >again.
> 
> Just installed cyrus for testing into another i386 system and hit
> the same exact bug. I wonder if this is the reason for the problem
> we're encountering:
> 
> http://www.freebsd.org/cgi/query-pr.cgi?pr=138929
> 
> "This patch updates the heimdal-1.0.1_1 port to heimdal-1.2.1. It
> "works
> for me" on 7.2/i386 and 8.0/i386 and passes portlint. I needed to
> upgrade to Heimdal 1.2.1 on 8.0-BETA2 (base Heimdal is 1.1.0) to get
> GSSAPI authenticaion to work (through SASL) for the OpenLDAP server."

Heimdal is a Kerberos thing.  My test amd64 system I've been working on
*does not* have security/heimdal installed.  As stated a couple times
before, these are the ports on the test box:

testbox# pkg_info
cyrus-imapd-2.3.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.23   RFC 2222 SASL (Simple Authentication and Security Layer)
db41-4.1.25_4       The Berkeley DB package, revision 4.1
libtool-2.2.6b      Generic shared library support script
perl-5.10.1_1       Practical Extraction and Report Language
portaudit-0.5.15    Checks installed ports against a list of security vulnerabi
rsync-3.0.7         A network file distribution/synchronization utility
vim-lite-7.2.411    Vi "workalike", with many additional features (Lite package

Furthermore, on this system Kerberos is not configured/set up.  (I
attempted to that following Henrik/KaarPoSoft's instructions but got
stuck in a few places, so I reverted back to the above setup.  This is
why virtual machines + VM snapshot capability are useful.  :-) )

The problem really looks to be with GSSAPI, which is part of the base
system (src/lib/libgssapi).

If I can reproduce the problem on the test i386 system I'm building,
which will have the same port + configuration as the test amd64 system,
then I would say it's purely a GSSAPI thing regardless if you're using
GSSAPI w/ SASL or GSSAPI w/ Kerberos.

-- 
| Jeremy Chadwick                                   jdc@parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |