openldap client GSSAPI authentication segfaults in fbsd8stablei386

Jeremy Chadwick freebsd at jdc.parodius.com
Sat Jul 17 14:41:24 UTC 2010 

On Sat, Jul 17, 2010 at 05:00:15PM +0300, Reko Turja wrote:
> >I'll build an i386 version of my testbox and start the procedure
> >over
> >again.
> 
> Just installed cyrus for testing into another i386 system and hit
> the same exact bug. I wonder if this is the reason for the problem
> we're encountering:
> 
> http://www.freebsd.org/cgi/query-pr.cgi?pr=138929
> 
> "This patch updates the heimdal-1.0.1_1 port to heimdal-1.2.1. It
> "works
> for me" on 7.2/i386 and 8.0/i386 and passes portlint. I needed to
> upgrade to Heimdal 1.2.1 on 8.0-BETA2 (base Heimdal is 1.1.0) to get
> GSSAPI authenticaion to work (through SASL) for the OpenLDAP server."

Heimdal is a Kerberos thing.  My test amd64 system I've been working on
*does not* have security/heimdal installed.  As stated a couple times
before, these are the ports on the test box:

testbox# pkg_info
cyrus-imapd-2.3.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols
cyrus-sasl-2.1.23   RFC 2222 SASL (Simple Authentication and Security Layer)
db41-4.1.25_4       The Berkeley DB package, revision 4.1
libtool-2.2.6b      Generic shared library support script
perl-5.10.1_1       Practical Extraction and Report Language
portaudit-0.5.15    Checks installed ports against a list of security vulnerabi
rsync-3.0.7         A network file distribution/synchronization utility
vim-lite-7.2.411    Vi "workalike", with many additional features (Lite package

Furthermore, on this system Kerberos is not configured/set up.  (I
attempted to that following Henrik/KaarPoSoft's instructions but got
stuck in a few places, so I reverted back to the above setup.  This is
why virtual machines + VM snapshot capability are useful.  :-) )

The problem really looks to be with GSSAPI, which is part of the base
system (src/lib/libgssapi).

If I can reproduce the problem on the test i386 system I'm building,
which will have the same port + configuration as the test amd64 system,
then I would say it's purely a GSSAPI thing regardless if you're using
GSSAPI w/ SASL or GSSAPI w/ Kerberos.

-- 
| Jeremy Chadwick                                   jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

More information about the freebsd-stable mailing list