Date: Sat, 17 Jul 2010 07:41:20 -0700 From: Jeremy Chadwick <freebsd@jdc.parodius.com> To: Reko Turja <reko.turja@liukuma.net> Cc: "Mikhail T." <mi+thun@aldan.algebra.com>, freebsd-stable@freebsd.org, Henrik /KaarPoSoft <henrik@kaarposoft.dk>, Joerg Pulz <Joerg.Pulz@frm2.tum.de> Subject: Re: openldap client GSSAPI authentication segfaults in fbsd8stablei386 Message-ID: <20100717144120.GA42230@icarus.home.lan> In-Reply-To: <677C8B72CF414265A0819E4824212BB5@rivendell> References: <EF24D143F0AF49AD9B27F838AFA0A6F4@rivendell> <20100716110427.GA1939@icarus.home.lan> <20100716111000.GA2501@icarus.home.lan> <7AD0E8F6044245DEA6C218A28F08FB99@rivendell> <20100716122446.GA3241@icarus.home.lan> <B06E2DF2032C480AA3094E2F561911AF@rivendell> <20100716135102.GA5625@icarus.home.lan> <alpine.BSF.2.00.1007170834400.32465@unqrf.nqzva.sez2> <20100717134149.GA40907@icarus.home.lan> <677C8B72CF414265A0819E4824212BB5@rivendell>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jul 17, 2010 at 05:00:15PM +0300, Reko Turja wrote: > >I'll build an i386 version of my testbox and start the procedure > >over > >again. > > Just installed cyrus for testing into another i386 system and hit > the same exact bug. I wonder if this is the reason for the problem > we're encountering: > > http://www.freebsd.org/cgi/query-pr.cgi?pr=138929 > > "This patch updates the heimdal-1.0.1_1 port to heimdal-1.2.1. It > "works > for me" on 7.2/i386 and 8.0/i386 and passes portlint. I needed to > upgrade to Heimdal 1.2.1 on 8.0-BETA2 (base Heimdal is 1.1.0) to get > GSSAPI authenticaion to work (through SASL) for the OpenLDAP server." Heimdal is a Kerberos thing. My test amd64 system I've been working on *does not* have security/heimdal installed. As stated a couple times before, these are the ports on the test box: testbox# pkg_info cyrus-imapd-2.3.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer) db41-4.1.25_4 The Berkeley DB package, revision 4.1 libtool-2.2.6b Generic shared library support script perl-5.10.1_1 Practical Extraction and Report Language portaudit-0.5.15 Checks installed ports against a list of security vulnerabi rsync-3.0.7 A network file distribution/synchronization utility vim-lite-7.2.411 Vi "workalike", with many additional features (Lite package Furthermore, on this system Kerberos is not configured/set up. (I attempted to that following Henrik/KaarPoSoft's instructions but got stuck in a few places, so I reverted back to the above setup. This is why virtual machines + VM snapshot capability are useful. :-) ) The problem really looks to be with GSSAPI, which is part of the base system (src/lib/libgssapi). If I can reproduce the problem on the test i386 system I'm building, which will have the same port + configuration as the test amd64 system, then I would say it's purely a GSSAPI thing regardless if you're using GSSAPI w/ SASL or GSSAPI w/ Kerberos. -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100717144120.GA42230>