Date:      Sat, 28 Feb 2009 13:15:10 -0500
From:      Tom McLaughlin <tmclaugh@sdf.lonestar.org>
To:        Harti Brandt <harti@freebsd.org>
Cc:        kazakov@gmail.com, current@freebsd.org
Subject:   Re: problem with nss_ldap
Message-ID:  <49A97F2E.3030005@sdf.lonestar.org>
In-Reply-To: <49A69B74.1080201@sdf.lonestar.org>
References:  <E2F5A6372272F744859F67CB11ABC1110507D4@exbe05.intra.dlr.de>	<alpine.BSF.1.10.0901231858510.1173@knopdnsimu13l.kn.op.dlr.de> <49A69B74.1080201@sdf.lonestar.org>


Tom McLaughlin wrote:
> Harti Brandt wrote:
>> On Sun, 18 Jan 2009, Hartmut.Brandt@dlr.de wrote:

>>> Both create entries in /var/log/messages like:
>>>
>>> Jan 18 20:00:02 knopdnsimu13f cron[1495]: GSSAPI Error:  Miscellaneous failure (see text)???????????????ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
Z
> Z
>>  ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
>>> Jan 18 20:00:02 knopdnsimu13f kernel: ZZZZZZZZZZZZZZZZ
>>>
>>> I've tried to figure out in which of the dozens of layered libraries (gss, sasl, ssl, ......) this error is generated but did not find anything.
>>>
>>> This is on amd64, krb5 enabled in pam, gssapi disabled in sshd_config (as I said, this worked before).
>> So to answer my own mail: I made a link from the kerberos ticket file 
>> which contains the host ticket (and is specified in nss_ldap.conf) to 
>> /tmp/krb5cc_0. I've no idea why this is suddenly necessary, though.
> 
> There may be an issue with the env method used in nss_ldap to change the 
> credentials cache.  My mind is fuzzy but I do recall a similar issue but 
> don't remember the exact cause or case.  nss_ldap has a second 
> configurable ccname method which when I submitted the original patch I 
> intended to switch to once we had a newer heimdal.  Once I get nss_ldap 
> working on my box I intend to submit another patch.
> 
> tom

Hi Harti (CC maintainer),

Can you try the attached patch for nss_ldap?  This should cause the host 
ticket to work correctly on -CURRENT.  It's "my box approved".

tom

-- 
| tmclaugh at sdf.lonestar.org                 tmclaugh at FreeBSD.org |
| FreeBSD                                       http://www.FreeBSD.org |


[Attachment: nss_ldap-krb5-ccname-gssapi.diff]

Index: Makefile
===================================================================
RCS file: /ncvs/ports/net/nss_ldap/Makefile,v
retrieving revision 1.27
diff -u -r1.27 Makefile
--- Makefile	5 Jan 2009 19:04:27 -0000	1.27
+++ Makefile	28 Feb 2009 05:21:19 -0000
@@ -33,11 +33,17 @@
 CONFIGURE_ARGS=	--with-ldap-conf-file=${PREFIX}/etc/nss_ldap.conf \
 		--with-ldap-secret-file=${PREFIX}/etc/nss_ldap.secret \
 		--enable-rfc2307bis \
-		--enable-paged-results \
-		--enable-configurable-krb5-ccname-env
+		--enable-paged-results
 
 MAN5=	nss_ldap.5
 
+.include <bsd.port.pre.mk>
+.if ${OSVERSION} >= 800064
+CONFIGURE_ARGS+=--enable-configurable-krb5-ccname-gssapi
+.else
+CONFIGURE_ARGS+=--enable-configurable-krb5-ccname-env
+.endif
+
 post-extract:
 	${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}
 
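Review bot: The ".if ${OSVERSION} >= 800064" threshold in the added block carries no comment saying which base-system change it tracks, so a later reader cannot tell why the gssapi ccname method is selected at that version and the env method below it. Add a one-line comment above the ".if" naming the change that 800064 corresponds to. The two "CONFIGURE_ARGS+=" lines also place the value directly after "+=", while the existing "CONFIGURE_ARGS=" line separates it with whitespace; match that style.
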
@@ -49,4 +55,4 @@
 	${INSTALL_MAN} ${WRKSRC}/${MAN5} ${MAN5PREFIX}/man/man5
 	${SED} -e "s,%%PREFIX%%,${PREFIX},g" ${PKGMESSAGE}
 
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
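
Review bot: No PORTREVISION bump accompanies this change: the patch ends at the ".include <bsd.port.post.mk>" line and neither of its two hunks touches PORTREVISION. With OSVERSION >= 800064 the configure option differs from what the port built before, so the installed library changes; without a revision bump, existing installs on those systems will not be flagged for rebuild and will keep the ccname-env behaviour.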
