openldap client GSSAPI authentication segfaults in
fbsd8stablei386
Jeremy Chadwick
freebsd at jdc.parodius.com
Fri Jul 16 11:10:03 UTC 2010
On Fri, Jul 16, 2010 at 04:04:27AM -0700, Jeremy Chadwick wrote:
> On Fri, Jul 16, 2010 at 12:43:22PM +0300, Reko Turja wrote:
> > >This doesn't help. The problem is that Cyrus imapd is completely
> > >freaking out, continually dying and re-forking itself, with my
> > >kernel
> > >message buffer filling rapidly + all.log filling. So, there is
> > >further
> > >configuration of this daemon that's needed (meaning it does not work
> > >"straight out of the box"), and I need those configuration details.
> >
> > Below is the relevant parts of my config that should get you going:
> > [...]
>
> Thanks. Most of this worked, except the following:
>
> > And /usr/local/etc/imapd.conf
> > [...]
> > partition-default: /usr/local/imap
> > [...]
> > Change to the Cyrus user and use the tool "tools/mkimap" to create
> > the rest of the directories (subdirectories of the directories you
> > just created).
> > su cyrus
> > tools/mkimap
> > exit
>
> I changed partition-default to /var/spool/imap, which I think is what
> was needed, otherwise mkimap complained about being unable to create
> /usr/local/imap.
>
> Also, for the su portion, I had to do:
>
> # su cyrus
> % cd /usr/local/cyrus
> % bin/mkimap
>
> Which worked. I hope this was the right thing to do.
>
> However, upon startup, I now see the following in all.log:
>
> Jul 16 03:56:12 testbox master[1521]: process started
> Jul 16 03:56:12 testbox master[1522]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
> Jul 16 03:56:12 testbox ctl_cyrusdb[1522]: recovering cyrus databases
> Jul 16 03:56:12 testbox ctl_cyrusdb[1522]: done recovering cyrus databases
> Jul 16 03:56:12 testbox master[1523]: about to exec /usr/local/cyrus/bin/idled
> Jul 16 03:56:12 testbox master[1523]: can't exec /usr/local/cyrus/bin/idled for startup: No such file or directory
> Jul 16 03:56:12 testbox kernel: Jul 16 03:56:12 testbox master[1523]: can't exec /usr/local/cyrus/bin/idled for startup: No such file or directory
> Jul 16 03:56:12 testbox master[1521]: process 1523 exited, status 71
> Jul 16 03:56:12 testbox kernel: Jul 16 03:56:12 testbox master[1521]: process 1523 exited, status 71
>
> Which is true:
>
> testbox# find /usr/local -name "idled" -follow -ls
> testbox#
>
> I'm not sure if this feature is needed for reproducing the crash, so I
> modified cyrus.conf and commented the line out, then restarted imapd,
> which got me:
>
> Jul 16 04:00:22 testbox master[1594]: process started
> Jul 16 04:00:22 testbox master[1595]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
> Jul 16 04:00:22 testbox ctl_cyrusdb[1595]: recovering cyrus databases
> Jul 16 04:00:22 testbox ctl_cyrusdb[1595]: skiplist: checkpointed /var/imap/mailboxes.db (0 records, 144 bytes) in 0 seconds
> Jul 16 04:00:22 testbox ctl_cyrusdb[1595]: skiplist: checkpointed /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
> Jul 16 04:00:22 testbox ctl_cyrusdb[1595]: done recovering cyrus databases
> Jul 16 04:00:22 testbox master[1594]: ready for work
> Jul 16 04:00:22 testbox master[1596]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
> Jul 16 04:00:22 testbox master[1597]: about to exec /usr/local/cyrus/bin/notifyd
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: checkpointing cyrus databases
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving database file: /var/imap/annotations.db
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving log file: /var/imap/db/log.0000000001
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving log file: /var/imap/db/log.0000000001
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving database file: /var/imap/mailboxes.db
> Jul 16 04:00:22 testbox notify[1597]: executed
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving log file: /var/imap/db/log.0000000001
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: archiving log file: /var/imap/db/log.0000000001
> Jul 16 04:00:22 testbox ctl_cyrusdb[1596]: done checkpointing cyrus databases
> Jul 16 04:00:22 testbox master[1594]: process 1596 exited, status 0
>
> testbox# ps -auxw | grep cyrus
> cyrus 1594 0.0 0.4 22376 3916 ?? Ss 4:00AM 0:00.01 /usr/local/cyrus/bin/master -d
> cyrus 1597 0.0 0.4 53292 4412 ?? I 4:00AM 0:00.01 notifyd
>
> testbox# sockstat -l | grep cyrus
> cyrus notifyd 1597 4 dgram /var/imap/socket/notify
> cyrus master 1594 7 tcp4 *:143 *:*
> cyrus master 1594 10 tcp4 *:4190 *:*
> cyrus master 1594 13 stream /var/imap/socket/lmtp
> cyrus master 1594 16 dgram /var/imap/socket/notify
>
> Then for the final test:
>
> testbox# cyradm
> cyradm> quit
> testbox# cyradm localhost
> Password:
>
> Where I hit enter/blank, which got me:
>
> Login disabled.
> cyradm: cannot authenticate to server with as root
> testbox#
>
> And no sign of a crash.
>
> So what's next?
I forgot to check all.log. It contains errors. Hopefully someone will
know what to do about this:
Jul 16 04:03:50 testbox imap[1619]: executed
Jul 16 04:03:50 testbox imap[1619]: accepted connection
Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jul 16 04:03:50 testbox perl: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox perl: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
Jul 16 04:03:50 testbox perl: DIGEST-MD5 client step 2
Jul 16 04:04:00 testbox imap[1619]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-17): One time use of a plaintext password will enable requested mechanism for user: no secret in database]
Jul 16 04:04:03 testbox perl: NTLM client step 1
Jul 16 04:04:03 testbox imap[1619]: NTLM server step 1
Jul 16 04:04:03 testbox imap[1619]: client flags: 207
Jul 16 04:04:03 testbox perl: NTLM client step 2
Jul 16 04:04:03 testbox perl: No worthy mechs found
Jul 16 04:04:03 testbox kernel: Jul 16 04:04:03 testbox perl: No worthy mechs found
But like I said, no segfault/crash.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-stable
mailing list