openldap client GSSAPI authentication segfaults in
fbsd8stablei386
Reko Turja
reko.turja at liukuma.net
Sun Jul 18 13:52:20 UTC 2010
After manually changing the gssapi header used in
/usr/src/include/rpc/rpcsec_gss.h to somewhat klunky "#include
"/usr/src/crypto/heimdal/lib/gssapi/gssapi/gssapi.h"" system csupped
yesterday built okay and after rebuilding cyrus-sasl, saslauthd and
cyrus I get the following failures in log:
Jul 18 16:37:35 moria perl: GSSAPI Error: Miscellaneous failure (see
text)^B (open(/tmp/krb5cc_0): No such file or directory)
-This is expected behaviour as Kerberos was not running at the moment,
but with Benjamin's patch Kerberos/GSSAPI spat out a meaningful error
message
After dusting off my old Kerberos setup, doing basic kinit and running
cyradm localhost I got:
Jul 18 16:39:00 moria perl: GSSAPI Error: Miscellaneous failure (see
text) (Server (imap/localhost at XXX.DOMAIN.COM) unknown)
-Again expected as there is no imap trust relationship defined.
So at least after cursory testing it looks like that with Benjamin's
patch there is a working GSSAPI/Kerberos backend available, instead of
something that chokes on passed parameters that are ok for every other
tested gssapi implementation.
Of course, more thorough testing in proper kerberised/LDAP environment
needs to be done, which is something I haven't got time at the moment.
-Reko
More information about the freebsd-stable
mailing list