Date: Wed, 14 Jul 2010 02:32:08 -0700 From: Jeremy Chadwick <freebsd@jdc.parodius.com> To: George Mamalakis <mamalos@eng.auth.gr> Cc: freebsd-stable@freebsd.org Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stable i386 Message-ID: <20100714093208.GA29938@icarus.home.lan> In-Reply-To: <4C3D7BD9.5020503@eng.auth.gr> References: <4C3CC831.7040005@kaarposoft.dk> <20100713210729.GA11943@icarus.home.lan> <0228E401B70A4023A6F86A2ADAE59EF9@rivendell> <4C3D7BD9.5020503@eng.auth.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 14, 2010 at 11:56:57AM +0300, George Mamalakis wrote: > On 14/7/2010 11:42 πμ, Reko Turja wrote: > >>>I have a problem: ldapsearch results in "Segmentation fault" under > >>>openldap-2.4.23 with cyrus-sasl-2.1.23 > >>> > >>>A thread for similar issues was started by George Mamalakis back in > >>>february: > >>>http://lists.freebsd.org/pipermail/freebsd-stable/2010-February/055017.html > >>> > >>>but I find no solution / conclusion from this thread, hence I > >>>post here... > >>> > >>>I have installed FreeBSD 8.0-RELEASE-p2 on i386, updated with > >>>freebsd-update, and ports updated with "portsnap fetch update". > >>> > >>>Kerberos installed from packages, configured, and seems to work OK. > > > >I had similar issue with 8-RELEASE and cyrus-sasl2 with > >cyrus-saslauthd linked against system kerberos. > > > >(uname -a xxx.xxx.xxx 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #1: > >Sat Jun 12 00:39:22 EEST 2010 > >root@xxx.xxx.xxx:/usr/obj/usr/src/sys/WWW i386) > > > >The problem manifested itself with pretty much the same backtrace > >when using cyradm tool for administering cyrus mailboxes and due > >time constraints I solved my issue by removing all the gssapi > >plugin libs from /usr/local/lib/sasl2, so my solution isn't really > >applicable in your case. > > > >my /etc/hosts file for the server in question contains only > >localhost entry + entry for one IP so George's solution didnt help > >with my problem. > > > >>>/var/log/messages has: > >>>slapd[1146]: OTP unavailable because can't read/write key database > >>>/etc/opiekeys: Permission denied > >>>kernel: pid 53862 (ldapsearch), uid 1001: exited on signal 11 > >>>(core dumped) > >>> > >>>The first message is from the LDAP server. Even if it has some > >>>problem, it should not lead the client to segfault. > >> > >>I agree. > >> > >>If I was to build a test box from scratch, can you tell me how to set up > >>all the necessary software/etc. to mimic your environment so that I > >>could try to reproduce this? Reviewing the source isn't enough, I'd > >>have to actually build a debug version of libgssapi to track it down. > > > >>Alternatively I can try to step you through how to debug this using gdb, > >>but again, lack of debugging symbols makes this annoying. > > > >I'd say that based on present evidence there is something broken > >in gssapi/sasl interaction, but due my need of getting the server > >functional quickly I didn't dig much further in the issue myself, > >although I really don't know how to enable generating debugging > >symbols for ports either - Which was another reason for not > >digging deeper in the problem. > > > >I wonder if using dovecot-sasl would work with ldap and if it has > >the same issue as cyrus-sasl - athough it doesn't seem to be > >available as separate port. > > > >-Reko > > Hello guys, > > I am glad that somebody brought this issue back, since despite my > last email regarding the same issue on 25/02/2010 saying that there > must be something wrong with the function gss_release_buffer(void > *a, void *b), the issue got forgotten. The problem would not persist > in amd64, so I stopped looking it further myself. Whoever wants to > see more information on this issue, search the subject field of this > list for: openldap client GSSAPI authentication segfaults in > fbsd8stable i386 > > I hope that a remedy to this issue will be yielded this time. Like I said -- if someone can step me through setting everything up (configurations, whatever ports/packages need to be installed, etc.) to mimic their setup so that I can reproduce the problem, I'll put in the time to track it down. This would be on a dedicated/freshly installed machine (RELENG_8 running under VMware Workstation) to rule out any other oddities. It's the LDAP + any quirky GSSAPI or Cyrus stuff that I don't have experience with. -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100714093208.GA29938>