Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Jan 2005 21:59:21 -0500
From:      Mikhail Teterin <mi+mx@aldan.algebra.com>
To:        questions@FreeBSD.org
Cc:        freebsd-security@FreeBSD.org
Subject:   Cyrus IMAP crashes after reading /etc/krb5.conf
Message-ID:  <200501282159.21711.mi%2Bmx@aldan.algebra.com>
next in thread | raw e-mail | index | archive | help 
Hello!

I'm trying to configure a freshly built mail/cyrus-imapd22 to work and 
authenticate accounts -- Kerberos and plain text.

The GSSAPI authentication works already. After doing kinit, I can do ``imtest 
-m GSSAPI hostname'' and it succeeds.

Now I'm trying to login with plain text (over SSL). Cyrus' imapd keeps 
crashing from SIGBUS. According to ktrace, this happens right after reading 
the krb5.conf (I replaced our domain with "example" below):

 29641 imapd    CALL  open(0x8167e80,0,0x1b6)
 29641 imapd    NAMI  "/etc/krb5.conf"
 29641 imapd    RET   open 12/0xc
 29641 imapd    CALL  fstat(0xc,0xbfbfbb40)
 29641 imapd    RET   fstat 0
 29641 imapd    CALL  read(0xc,0x8172000,0x4000)
 29641 imapd    GIO   fd 12 read 370 bytes
       "# This is from http://barney.gonzaga.edu/~awithers/integration/
        
        [libdefaults]
        default_realm = US.EXAMPLE.COM
        #dns_lookup_realm = true
        #dns_lookup_kdc = true
        default_tkt_enctypes = des-cbc-md5
        default_tgs_enctypes = des-cbc-md5
        
        [realms]
        US.MUREX.COM = {
                kdc = blake.us.example.com:88
                kpasswd_server = blake.us.example.com:464
        }
        
        [domain_realm]
        .us.example.com = US.EXAMPLE.COM
       "
 29641 imapd    RET   read 370/0x172
 29641 imapd    CALL  read(0xc,0x8172000,0x4000)
 29641 imapd    GIO   fd 12 read 0 bytes
       ""
 29641 imapd    RET   read 0
 29641 imapd    CALL  close(0xc)
 29641 imapd    RET   close 0
 29641 imapd    CALL  issetugid
 29641 imapd    RET   issetugid 0
 29641 imapd    CALL  __sysctl(0xbfbfa6c8,0x2,0xbfbfa6c0,0xbfbfa6c4,0,0)
 29641 imapd    RET   __sysctl 0
 29641 imapd    PSIG  SIGSEGV SIG_DFL
 29641 imapd    NAMI  "imapd.core"

Is there anything obviously wrong with the file itself? Why else would Cyrus 
crash right after reading it? Note, that Blake is a Windows 2000 server...

Another change I did was modifying the /etc/pam.d/system to make both unix and 
krb5 sufficient:

--- /usr/src/etc/pam.d/system   Sat Jun 14 08:35:05 2003
+++ /etc/pam.d/system   Fri Jan 28 20:29:06 2005
@@ -9,5 +9,5 @@
 auth           requisite       pam_opieaccess.so       no_warn allow_local
-#auth          sufficient      pam_krb5.so             no_warn try_first_pass
+auth           sufficient      pam_krb5.so             no_warn try_first_pass
 #auth          sufficient      pam_ssh.so              no_warn try_first_pass
-auth           required        pam_unix.so             no_warn try_first_pass 
nullok
+auth           sufficient      pam_unix.so             no_warn try_first_pass 
nullok
 
Thank you very much for any hints!

	-mi

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200501282159.21711.mi%2Bmx>