Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 Jul 2010 02:32:08 -0700
From:      Jeremy Chadwick <freebsd@jdc.parodius.com>
To:        George Mamalakis <mamalos@eng.auth.gr>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: openldap client GSSAPI authentication segfaults in fbsd8stable i386
Message-ID:  <20100714093208.GA29938@icarus.home.lan>
In-Reply-To: <4C3D7BD9.5020503@eng.auth.gr>
References:  <4C3CC831.7040005@kaarposoft.dk> <20100713210729.GA11943@icarus.home.lan> <0228E401B70A4023A6F86A2ADAE59EF9@rivendell> <4C3D7BD9.5020503@eng.auth.gr>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 14, 2010 at 11:56:57AM +0300, George Mamalakis wrote:
> On 14/7/2010 11:42 πμ, Reko Turja wrote:
> >>>I have a problem: ldapsearch results in "Segmentation fault" under
> >>>openldap-2.4.23 with cyrus-sasl-2.1.23
> >>>
> >>>A thread for similar issues was started by George Mamalakis back in
> >>>february:
> >>>http://lists.freebsd.org/pipermail/freebsd-stable/2010-February/055017.html
> >>>
> >>>but I find no solution / conclusion from this thread, hence I
> >>>post here...
> >>>
> >>>I have installed FreeBSD 8.0-RELEASE-p2 on i386, updated with
> >>>freebsd-update, and ports updated with "portsnap fetch update".
> >>>
> >>>Kerberos installed from packages, configured, and seems to work OK.
> >
> >I had similar issue with 8-RELEASE and cyrus-sasl2 with
> >cyrus-saslauthd linked against system kerberos.
> >
> >(uname -a xxx.xxx.xxx 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #1:
> >Sat Jun 12 00:39:22 EEST 2010
> >root@xxx.xxx.xxx:/usr/obj/usr/src/sys/WWW i386)
> >
> >The problem manifested itself with pretty much the same backtrace
> >when using cyradm tool for administering cyrus mailboxes and due
> >time constraints I solved my issue by removing all the gssapi
> >plugin libs from /usr/local/lib/sasl2, so my solution isn't really
> >applicable in your case.
> >
> >my /etc/hosts file for the server in question contains only
> >localhost entry + entry for one IP so George's solution didnt help
> >with my problem.
> >
> >>>/var/log/messages has:
> >>>slapd[1146]: OTP unavailable because can't read/write key database
> >>>/etc/opiekeys: Permission denied
> >>>kernel: pid 53862 (ldapsearch), uid 1001: exited on signal 11
> >>>(core dumped)
> >>>
> >>>The first message is from the LDAP server. Even if it has some
> >>>problem, it should not lead the client to segfault.
> >>
> >>I agree.
> >>
> >>If I was to build a test box from scratch, can you tell me how to set up
> >>all the necessary software/etc. to mimic your environment so that I
> >>could try to reproduce this? Reviewing the source isn't enough, I'd
> >>have to actually build a debug version of libgssapi to track it down.
> >
> >>Alternatively I can try to step you through how to debug this using gdb,
> >>but again, lack of debugging symbols makes this annoying.
> >
> >I'd say that based on present evidence there is something broken
> >in gssapi/sasl interaction, but due my need of getting the server
> >functional quickly I didn't dig much further in the issue myself,
> >although I really don't know how to enable generating debugging
> >symbols for ports either - Which was another reason for not
> >digging deeper in the problem.
> >
> >I wonder if using dovecot-sasl would work with ldap and if it has
> >the same issue as cyrus-sasl - athough it doesn't seem to be
> >available as separate port.
> >
> >-Reko
>
> Hello guys,
> 
> I am glad that somebody brought this issue back, since despite my
> last email regarding the same issue on 25/02/2010 saying that there
> must be something wrong with the function gss_release_buffer(void
> *a, void *b), the issue got forgotten. The problem would not persist
> in amd64, so I stopped looking it further myself. Whoever wants to
> see more information on this issue, search the subject field of this
> list for: openldap client GSSAPI authentication segfaults in
> fbsd8stable i386
> 
> I hope that a remedy to this issue will be yielded this time.

Like I said -- if someone can step me through setting everything up
(configurations, whatever ports/packages need to be installed, etc.) to
mimic their setup so that I can reproduce the problem, I'll put in the
time to track it down.  This would be on a dedicated/freshly installed
machine (RELENG_8 running under VMware Workstation) to rule out any
other oddities.

It's the LDAP + any quirky GSSAPI or Cyrus stuff that I don't have
experience with.

-- 
| Jeremy Chadwick                                   jdc@parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100714093208.GA29938>