From owner-freebsd-stable@FreeBSD.ORG Thu Jun 2 13:32:39 2005 Return-Path: X-Original-To: freebsd-stable@FreeBSD.org Delivered-To: freebsd-stable@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F03CD16A41C; Thu, 2 Jun 2005 13:32:39 +0000 (GMT) (envelope-from bsam@bsam.ru) Received: from bsam.ru (gw.ipt.ru [80.253.10.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 93AB843D1F; Thu, 2 Jun 2005 13:32:38 +0000 (GMT) (envelope-from bsam@bsam.ru) Received: from bsam by bsam.ru with local (Exim 4.30; FreeBSD) id 1DdppK-000M4C-Gm; Thu, 02 Jun 2005 17:33:38 +0400 To: fandino@ng.fadesa.es References: <429D8B3B.50203@ng.fadesa.es> <29469499@srv.sem.ipt.ru> <429DE188.5020908@ng.fadesa.es> <09783236@srv.sem.ipt.ru> <429EE7D8.4050900@ng.fadesa.es> From: Boris Samorodov Date: Thu, 02 Jun 2005 17:33:38 +0400 In-Reply-To: <429EE7D8.4050900@ng.fadesa.es> (fandino@ng.fadesa.es's message of "Thu, 02 Jun 2005 13:04:56 +0200") Message-ID: <65121725@srv.sem.ipt.ru> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: "Boris B. Samorodov" Cc: freebsd-stable@FreeBSD.org, freebsd-ports@FreeBSD.org Subject: Re: kadmin (heimdal port) ignores the ldap backend X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jun 2005 13:32:40 -0000 On Thu, 02 Jun 2005 13:04:56 +0200 fandino wrote: > Boris Samorodov wrote: > >>>Do you build FreeBSD with Kerberos support? There may be system > > > >>Yes, it was builded with Kerberos(0.6.3) and the heimdal port > > Aha, thus you install system libraries to /usr/lib etc... > > > >>(0.6.3) was also installed in order to get ldap support for heimdal > > ...and those libraries from the port install to /usr/local/lib... > correct. > >>kerberos without getting messed with the system kerberos. > > ...and finally get it messed. > sometimes the longest way is _really_ the hardest way ;-) > >>>libraries located earlier in LDD_PATH which kadmin uses. Try ktrace > >>>and kdump to see which libraries are used at run-time. > > > >>you have found something interesting, this strace[1] shows us > >>that /usr/local/sbin/kadmin (the port kadmin binary) is using > >>"/usr/local/lib/libkadm5clnt.so.6" and "/usr/lib/libkadm5srv.so.7" > >>could libkadm5srv be the culprit (now I haven't access to this box)? > > I think this is the point. > >>how I can force /usr/local/sbin/kadmin to use the port library > >>and not the system library? > > 1. The main idea is to force search at /usr/local/lib before > > /usr/lib > ..... > I removed temporally all /usr/lib/libkadm5srv* libraries and as results > kadmin was forced to load /usr/local libraries, but I get the same > problem :-( > http://195.55.55.164/tests/FreeBSD/kdump.txt > again kadmin doesn't use ldap and fallback to database files. >From your dump: 58516 kadmin CALL access(0x28079000,0) 58516 kadmin NAMI "/usr/lib/libhdb.so.7" 58516 kadmin RET access 0 58516 kadmin CALL open(0x28076040,0,0xbfbfebcc) 58516 kadmin NAMI "/usr/lib/libhdb.so.7" 58516 kadmin RET open 3 58516 kadmin CALL fstat(0x3,0xbfbfebcc) 58516 kadmin RET fstat 0 58516 kadmin CALL read(0x3,0x28070c40,0x1000) 58516 kadmin GIO fd 3 read 4096 bytes Thus kadmin is using the system libhdb. The port version shuold be at /usr/local/lib. WBR -- bsam