Date:      Wed, 14 Jul 2010 11:42:45 +0300
From:      "Reko Turja" <reko.turja@liukuma.net>
To:        "Jeremy Chadwick" <freebsd@jdc.parodius.com>, "Henrik /KaarPoSoft" <henrik@kaarposoft.dk>
Cc:        freebsd-stable@freebsd.org, mamalos@eng.auth.gr
Subject:   Re: openldap client GSSAPI authentication segfaults in fbsd8stable i386
Message-ID:  <0228E401B70A4023A6F86A2ADAE59EF9@rivendell>
In-Reply-To: <20100713210729.GA11943@icarus.home.lan>
References:  <4C3CC831.7040005@kaarposoft.dk> <20100713210729.GA11943@icarus.home.lan>

>> I have a problem: ldapsearch results in "Segmentation fault" under
>> openldap-2.4.23 with cyrus-sasl-2.1.23
>>
>> A thread for similar issues was started by George Mamalakis back in
>> February:
>> http://lists.freebsd.org/pipermail/freebsd-stable/2010-February/055017.html
>> but I find no solution / conclusion from this thread, hence I post
>> here...
>>
>> I have installed FreeBSD 8.0-RELEASE-p2 on i386, updated with
>> freebsd-update, and ports updated with "portsnap fetch update".
>>
>> Kerberos installed from packages, configured, and seems to work OK.

I had a similar issue with 8-RELEASE and cyrus-sasl2 with
cyrus-saslauthd linked against system kerberos.

(uname -a xxx.xxx.xxx 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #1: Sat
Jun 12 00:39:22 EEST 2010
root@xxx.xxx.xxx:/usr/obj/usr/src/sys/WWW  i386)

The problem manifested itself with pretty much the same backtrace when
using the cyradm tool for administering cyrus mailboxes, and due to time
constraints I solved my issue by removing all the gssapi plugin libs
from /usr/local/lib/sasl2, so my solution isn't really applicable in
your case.

My /etc/hosts file for the server in question contains only a localhost
entry + an entry for one IP, so George's solution didn't help with my
problem.

>> /var/log/messages has:
>> slapd[1146]: OTP unavailable because can't read/write key database
>> /etc/opiekeys: Permission denied
>> kernel: pid 53862 (ldapsearch), uid 1001: exited on signal 11 (core dumped)
>>
>> The first message is from the LDAP server. Even if it has some
>> problem, it should not lead the client to segfault.
>
> I agree.
>
> If I was to build a test box from scratch, can you tell me how to set up
> all the necessary software/etc. to mimic your environment so that I
> could try to reproduce this?  Reviewing the source isn't enough, I'd
> have to actually build a debug version of libgssapi to track it down.

> Alternatively I can try to step you through how to debug this using gdb,
> but again, lack of debugging symbols makes this annoying.

I'd say that based on present evidence there is something broken in
gssapi/sasl interaction, but due to my need of getting the server
functional quickly I didn't dig much further into the issue myself,
although I really don't know how to enable generating debugging
symbols for ports either, which was another reason for not digging
deeper into the problem.

I wonder if using dovecot-sasl would work with ldap and if it has the
same issue as cyrus-sasl, although it doesn't seem to be available as
a separate port.

-Reko