libgssapi causing login failures
Tom McLaughlin
tmclaugh at sdf.lonestar.org
Tue May 8 02:00:55 UTC 2007
Hi all,
Since it's ports freeze time I decided to play elsewhere. I'm putting
up a -CURRENT box here at home synced as of this morning and trying to
get cyrus-sasl2's GSSAPI stuff working with openldap-sasl-client and
nss_ldap and GSSAPI working for authentication with sshd. It all
already works fine on the -STABLE box here. After installing
cyrus-sasl2 and openldap-sasl-client I would get a core dump when trying
to bind to the ldap directory using SASL/GSSAPI for authentication.
(Crash info is below.) I found that about a year and a half ago dfr@
made changes to our libgssapi. For the heck of it I relinked sasl's
libgssapiv2.so.2 from libgssapi.so.8 to libgssapi_krb5.so.8 and I could
bind to the directory using SASL/GSSAPI for authentication. nss_ldap
started working too. I have a pretty good feeling what I did isn't the
right fix though.
Now I want to use GSSAPI to login via ssh. I'm using the same config as
I do on my -STABLE box but again I can't login and I see the following
in /var/log/messages each time I attempt to connect:
May 7 14:33:34 releng-7 kernel: pid 84442 (sshd), uid 0: exited on signal 11
Is there something I'm missing setup wise on -CURRENT that's different
from -STABLE wrt libgssapi? Do we need to start checking and fixing
ports on -CURRENT which use libgssapi? Any help would be greatly
appreciated. Thanks.
tom
ldapwhoami crash info:
---
[root at releng-7 /root]# ldapwhoami
SASL/GSSAPI authentication started
Segmentation fault (core dumped)
/var/log/messages:
May 7 11:39:08 releng-7 kernel: pid 949 (ldapwhoami), uid 0: exited on signal 11 (core dumped)
backtrace:
---
#0 _gss_oid_equal (oid1=0x28459084, oid2=0x0)
at /usr/src/lib/libgssapi/gss_utils.c:39
39 if (oid1->length != oid2->length)
---
#0 _gss_oid_equal (oid1=0x28459084, oid2=0x0)
at /usr/src/lib/libgssapi/gss_utils.c:39
No locals.
#1 0x2838a481 in _gss_find_mech_switch (mech=0x0)
at /usr/src/lib/libgssapi/gss_mech_switch.c:297
m = (struct _gss_mech_switch *) 0x28459080
#2 0x283892bc in gss_init_sec_context (minor_status=0xbfbfe828,
initiator_cred_handle=0x0, context_handle=0x2843d244,
target_name=0x28458240, mech_type=0x0, req_flags=58, time_req=0,
input_chan_bindings=0x0, input_token=0x0, actual_mech_type=0x0,
output_token=0xbfbfe830, ret_flags=0xbfbfe80c, time_rec=0x0)
at /usr/src/lib/libgssapi/gss_init_sec_context.c:78
major_status = 0
m = (struct _gss_mech_switch *) 0xbfbfe818
mn = (struct _gss_mechanism_name *) 0xbfbfe828
ctx = (struct _gss_context *) 0x28419288
mc = (struct _gss_mechanism_cred *) 0x0
cred_handle = 0x283887a4
allocated_ctx = -1077942328
#3 0x283823c0 in gssapi_client_mech_step (conn_context=0x2843d240,
params=0x28436080, serverin=0x0, serverinlen=0, prompt_need=0xbfbfe9fc,
clientout=0xbfbfe9f4, clientoutlen=0xbfbfe9f8, oparams=0x2845b860)
at gssapi.c:1418
text = (context_t *) 0x2843d240
input_token = 0x0
output_token = 0xbfbfe830
real_input_token = {length = 0, value = 0x0}
real_output_token = {length = 672017564, value = 0x0}
maj_stat = 0
min_stat = 0
max_input = 3217025092
name_token = {length = 31, value = 0x0}
ret = 108
req_flags = 58
out_req_flags = 0
#4 0x280d216e in sasl_client_step (conn=0x2845b000, serverin=0x0,
serverinlen=0, prompt_need=0xbfbfe9fc, clientout=0xbfbfe9f4,
clientoutlen=0xbfbfe9f8) at client.c:655
c_conn = (sasl_client_conn_t *) 0x2845b000
result = 671617024
#5 0x280d1f9b in sasl_client_start (conn=0x2845b000,
mechlist=0x2841a440 "PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 ANONYMOUS",
prompt_need=0xbfbfe9fc, clientout=0xbfbfe9f4, clientoutlen=0xbfbfe9f8,
mech=0xbfbfea18) at client.c:603
c_conn = (sasl_client_conn_t *) 0x2845b000
name = "����P(3((���p\2021(P(3(�"
m = (cmechanism_t *) 0x0
bestm = (cmechanism_t *) 0x0
pos = 0
place = 1
list_len = 671586020
bestssf = 0
minssf = 0
result = 674333244
#6 0x28091844 in ldap_int_sasl_bind (ld=0x28421180, dn=0x0,
mechs=0x2841a440 "PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 ANONYMOUS",
sctrls=0x0, cctrls=0x0, flags=0, interact=0x804c294 <_init+12836>,
defaults=0x28418140) at cyrus.c:689
data = 0x2841a440 "PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 ANONYMOUS"
mech = 0x283846cb "GSSAPI"
pmech = 0x283846cb "GSSAPI"
saslrc = 2
rc = 0
ssf = (sasl_ssf_t *) 0x0
ctx = (sasl_conn_t *) 0x2845b000
oldctx = (sasl_conn_t *) 0x0
prompts = (sasl_interact_t *) 0x0
credlen = 0
ccred = {bv_len = 0, bv_val = 0x0}
sd = 3
ssl = (void *) 0x28440260
#7 0x28094af6 in ldap_sasl_interactive_bind_s (ld=0x28421180, dn=0x0,
mechs=0x2841a440 "PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 ANONYMOUS",
serverControls=0x0, clientControls=0x0, flags=0,
interact=0x804c294 <_init+12836>, defaults=0x28418140) at sasl.c:479
rc = 0
smechs = 0x2841a440 "PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 ANONYMOUS"
--
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |
| BSD# http://www.mono-project.com/Mono:FreeBSD |
More information about the freebsd-current
mailing list