openldap client GSSAPI authentication segfaults in
fbsd8stablei386
Jeremy Chadwick
freebsd at jdc.parodius.com
Sat Jul 17 14:41:24 UTC 2010
On Sat, Jul 17, 2010 at 05:00:15PM +0300, Reko Turja wrote:
> >I'll build an i386 version of my testbox and start the procedure
> >over
> >again.
>
> Just installed cyrus for testing into another i386 system and hit
> the same exact bug. I wonder if this is the reason for the problem
> we're encountering:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=138929
>
> "This patch updates the heimdal-1.0.1_1 port to heimdal-1.2.1. It
> "works
> for me" on 7.2/i386 and 8.0/i386 and passes portlint. I needed to
> upgrade to Heimdal 1.2.1 on 8.0-BETA2 (base Heimdal is 1.1.0) to get
> GSSAPI authenticaion to work (through SASL) for the OpenLDAP server."
Heimdal is a Kerberos thing. My test amd64 system I've been working on
*does not* have security/heimdal installed. As stated a couple times
before, these are the ports on the test box:
testbox# pkg_info
cyrus-imapd-2.3.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.23 RFC 2222 SASL (Simple Authentication and Security Layer)
db41-4.1.25_4 The Berkeley DB package, revision 4.1
libtool-2.2.6b Generic shared library support script
perl-5.10.1_1 Practical Extraction and Report Language
portaudit-0.5.15 Checks installed ports against a list of security vulnerabi
rsync-3.0.7 A network file distribution/synchronization utility
vim-lite-7.2.411 Vi "workalike", with many additional features (Lite package
Furthermore, on this system Kerberos is not configured/set up. (I
attempted to that following Henrik/KaarPoSoft's instructions but got
stuck in a few places, so I reverted back to the above setup. This is
why virtual machines + VM snapshot capability are useful. :-) )
The problem really looks to be with GSSAPI, which is part of the base
system (src/lib/libgssapi).
If I can reproduce the problem on the test i386 system I'm building,
which will have the same port + configuration as the test amd64 system,
then I would say it's purely a GSSAPI thing regardless if you're using
GSSAPI w/ SASL or GSSAPI w/ Kerberos.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-stable
mailing list