openldap client GSSAPI authentication segfaults in fbsd8stablei386

Jeremy Chadwick freebsd at jdc.parodius.com
Fri Jul 16 11:10:03 UTC 2010


On Fri, Jul 16, 2010 at 04:04:27AM -0700, Jeremy Chadwick wrote:
> On Fri, Jul 16, 2010 at 12:43:22PM +0300, Reko Turja wrote:
> > >This doesn't help.  The problem is that Cyrus imapd is completely
> > >freaking out, continually dying and re-forking itself, with my kernel
> > >message buffer filling rapidly + all.log filling.  So, there is further
> > >configuration of this daemon that's needed (meaning it does not work
> > >"straight out of the box"), and I need those configuration details.
> > 
> > Below are the relevant parts of my config that should get you going:
> > [...]
> 
> Thanks.  Most of this worked, except the following:
> 
> > And /usr/local/etc/imapd.conf
> > [...]
> > partition-default: /usr/local/imap
> > [...]
> > Change to the Cyrus user and use the tool "tools/mkimap" to create
> > the rest of the directories (subdirectories of the directories you
> > just created).
> >   su cyrus
> >   tools/mkimap
> >   exit
> 
> I changed partition-default to /var/spool/imap, which I think is what
> was needed, otherwise mkimap complained about being unable to create
> /usr/local/imap.
> 
> Also, for the su portion, I had to do:
> 
> # su cyrus
> % cd /usr/local/cyrus
> % bin/mkimap
> 
> Which worked.  I hope this was the right thing to do.
> 
> However, upon startup, I now see the following in all.log:
> 
> Jul 16 03:56:12 testbox master[1521]: process started
> Jul 16 03:56:12 testbox master[1522]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
> Jul 16 03:56:12 testbox ctl_cyrusdb[1522]: recovering cyrus databases
> Jul 16 03:56:12 testbox ctl_cyrusdb[1522]: done recovering cyrus databases
> Jul 16 03:56:12 testbox master[1523]: about to exec /usr/local/cyrus/bin/idled
> Jul 16 03:56:12 testbox master[1523]: can't exec /usr/local/cyrus/bin/idled for startup: No such file or directory
> Jul 16 03:56:12 testbox kernel: Jul 16 03:56:12 testbox master[1523]: can't exec /usr/local/cyrus/bin/idled for startup: No such file or directory
> Jul 16 03:56:12 testbox master[1521]: process 1523 exited, status 71
> Jul 16 03:56:12 testbox kernel: Jul 16 03:56:12 testbox master[1521]: process 1523 exited, status 71
> 
> Which is true:
> 
> testbox# find /usr/local -name "idled" -follow -ls
> testbox#
> 
> I'm not sure if this feature is needed for reproducing the crash, so I
> modified cyrus.conf and commented the line out, then restarted imapd,
> which got me:
> 
> Jul 16 04:00:22 testbox master[1594]: process started
> Jul 16 04:00:22 testbox master[1595]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
> Jul 16 04:00:22 testbox ctl_cyrusdb[1595]: recovering cyrus databases
> Jul 16 04:00:22 testbox ctl_cyrusdb[1595]: skiplist: checkpointed /var/imap/mailboxes.db (0 records, 144 bytes) in 0 seconds
> Jul 16 04:00:22 testbox ctl_cyrusdb[1595]: skiplist: checkpointed /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
> Jul 16 04:00:22 testbox ctl_cyrusdb[1595]: done recovering cyrus databases
> Jul 16 04:00:22 testbox master[1594]: ready for work
> Jul 16 04:00:22 testbox master[1596]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
> Jul 16 04:00:22 testbox master[1597]: about to exec /usr/local/cyrus/bin/notifyd
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: checkpointing cyrus databases
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving database file: /var/imap/annotations.db
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving log file: /var/imap/db/log.0000000001
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving log file: /var/imap/db/log.0000000001
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving database file: /var/imap/mailboxes.db
> Jul 16 04:00:22 testbox notify[1597]: executed
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving log file: /var/imap/db/log.0000000001
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving log file: /var/imap/db/log.0000000001
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: done checkpointing cyrus databases
> Jul 16 04:00:22 testbox master[1594]: process 1596 exited, status 0
> 
> testbox# ps -auxw | grep cyrus
> cyrus  1594  0.0  0.4 22376  3916  ??  Ss    4:00AM   0:00.01 /usr/local/cyrus/bin/master -d
> cyrus  1597  0.0  0.4 53292  4412  ??  I     4:00AM   0:00.01 notifyd
> 
> testbox# sockstat -l | grep cyrus
> cyrus    notifyd    1597  4  dgram  /var/imap/socket/notify
> cyrus    master     1594  7  tcp4   *:143                 *:*
> cyrus    master     1594  10 tcp4   *:4190                *:*
> cyrus    master     1594  13 stream /var/imap/socket/lmtp
> cyrus    master     1594  16 dgram  /var/imap/socket/notify
> 
> Then for the final test:
> 
> testbox# cyradm
> cyradm> quit
> testbox# cyradm localhost
> Password:
> 
> Where I hit enter/blank, which got me:
> 
> Login disabled.
> cyradm: cannot authenticate to server with  as root
> testbox#
> 
> And no sign of a crash.
> 
> So what's next?

I forgot to check all.log.  It contains errors.  Hopefully someone will
know what to do about this:

Jul 16 04:03:50 testbox imap[1619]: executed
Jul 16 04:03:50 testbox imap[1619]: accepted connection
Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jul 16 04:03:50 testbox perl: GSSAPI Error:  Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox perl: GSSAPI Error:  Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
Jul 16 04:03:50 testbox perl: DIGEST-MD5 client step 2
Jul 16 04:04:00 testbox imap[1619]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-17): One time use of a plaintext password will enable requested mechanism for user: no secret in database]
Jul 16 04:04:03 testbox perl: NTLM client step 1
Jul 16 04:04:03 testbox imap[1619]: NTLM server step 1
Jul 16 04:04:03 testbox imap[1619]: client flags: 207
Jul 16 04:04:03 testbox perl: NTLM client step 2
Jul 16 04:04:03 testbox perl: No worthy mechs found
Jul 16 04:04:03 testbox kernel: Jul 16 04:04:03 testbox perl: No worthy mechs found

But like I said, no segfault/crash.

-- 
| Jeremy Chadwick                                   jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |



More information about the freebsd-stable mailing list