From nobody Sat Mar 09 23:08:28 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TsdyF2DZwz5Cfr1 for ; Sat, 9 Mar 2024 23:08:53 +0000 (UTC) (envelope-from dan@langille.org) Received: from wfout3-smtp.messagingengine.com (wfout3-smtp.messagingengine.com [64.147.123.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4TsdyD2wDKz4jHb for ; Sat, 9 Mar 2024 23:08:52 +0000 (UTC) (envelope-from dan@langille.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=langille.org header.s=fm1 header.b=vQeiCVbu; dkim=pass header.d=messagingengine.com header.s=fm1 header.b=W6+R5x60; dmarc=pass (policy=none) header.from=langille.org; spf=pass (mx1.freebsd.org: domain of dan@langille.org designates 64.147.123.146 as permitted sender) smtp.mailfrom=dan@langille.org Received: from compute7.internal (compute7.nyi.internal [10.202.2.48]) by mailfout.west.internal (Postfix) with ESMTP id 8C11F1C00096 for ; Sat, 9 Mar 2024 18:08:50 -0500 (EST) Received: from imap42 ([10.202.2.92]) by compute7.internal (MEProxy); Sat, 09 Mar 2024 18:08:50 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h= cc:content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to; s=fm1; t=1710025730; x=1710112130; bh=Uctx7WAdx1 fLocXbv7LHKB/6gqgfvmn6T23ztzNSum4=; b=vQeiCVbuS4kmdlPaWcotPzEnfh +UF4TSzAHA6SoT5s/Eb3HVBYjL0aKcD1uVQT8h/C1+snNPza3Z7AdFR+g7c3YaU7 IYZkG1SquDsUpPJvaoEBNyJIXDr3zNvAQ2ftmW7GlIzuVtiDJx/nXmC58JqkTFZM QxwQewk+dGD/6atOQoeQ8mBLZimAlYExYrKfp3Ce+Xp+BqJvV9d9hM/c+SiHVep6 Fq7bbYTMK35KKF2/9pGqb1jMzadaN6DFRRFL/kdKIeWerpupYoGyeT+j8+n2HpVK Fq6fUZe0IMIO3NtbzGcgKb0Z+JxwU31u6O1zsaen3ntqAyLvG/wcq/JkSFfA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1710025730; x=1710112130; bh=Uctx7WAdx1fLocXbv7LHKB/6gqgf vmn6T23ztzNSum4=; b=W6+R5x60WXcHuB5aKWoIV+69oVg/8MJ66eyGDN4Atgvx 7zWax6jF9ZvGYiiXbq2q4PacKoAxMUnrOkp0vzNLdljgaql59dEVKJeQazZoDNgz LXA2JaNRcq2wuBYsbDPcBMwBkDnR8R6sQ2EaNMbrluRUYG7PXt9jtGlYrGkJ6jY6 5ZixTj3O3dOwHjySVfniDOP2m2/WWk3At2bwdicW1VjydTkfhIGZ6w0Kqy9G03/J H9UOnovr9Ukrtg2Rv2ci1rJu0a/NZL0MRaqYN+4CpruPLXcq1thJcuGo/djU8cAk OK2ZJtODaK4oHY38HbHuT9+dJb7RYizKz5wD0MQHLA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrieekgddtiecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgfgsehtqhertd erreejnecuhfhrohhmpedfffgrnhcunfgrnhhgihhllhgvfdcuoegurghnsehlrghnghhi lhhlvgdrohhrgheqnecuggftrfgrthhtvghrnhepleejveekudeiieduueekjedujeefhe evgfefieduudeiveejuefhgeelvdfhtdetnecuffhomhgrihhnpehfrhgvvggsshgurdho rhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepug grnheslhgrnhhgihhllhgvrdhorhhg X-ME-Proxy: Feedback-ID: ifbf9424e:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id E7DACBC007D; Sat, 9 Mar 2024 18:08:49 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-251-g8332da0bf6-fm-20240305.001-g8332da0b List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 Message-Id: Date: Sat, 09 Mar 2024 18:08:28 -0500 From: "Dan Langille" To: freebsd-questions@freebsd.org Subject: Do you have kstart, nslcd, or msktutil working with FreeBSD 14.0? Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.09 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[langille.org,none]; R_SPF_ALLOW(-0.20)[+ip4:64.147.123.128/27]; R_DKIM_ALLOW(-0.20)[langille.org:s=fm1,messagingengine.com:s=fm1]; RCVD_IN_DNSWL_LOW(-0.10)[64.147.123.146:from]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; RCPT_COUNT_ONE(0.00)[1]; FROM_HAS_DN(0.00)[]; FREEFALL_USER(0.00)[dan]; MIME_TRACE(0.00)[0:+]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[langille.org:+,messagingengine.com:+]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RWL_MAILSPIKE_POSSIBLE(0.00)[64.147.123.146:from]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; ASN(0.00)[asn:29838, ipnet:64.147.123.0/24, country:US]; DWL_DNSWL_NONE(0.00)[messagingengine.com:dkim] X-Rspamd-Queue-Id: 4TsdyD2wDKz4jHb Hello, We've been unable to get kstart, nslcd, or msktutil working with FreeBSD= 14.0. They abort, error out, and/dump. For now, we have stalled 14.0 deployment plans until we can resolve this= . We suspect it is an openssl issue. We first posted back in early December: https://forums.freebsd.org/threa= ds/ldap-issues-on-freebsd-14-0.91345/ Posting here to widen the audienc= e in case others have found something similar. Here is kstart not cooperating. root@walnuts-dev:/tmp # lldb --core 0.k5start.98404.core /usr/local/bin/= k5start (lldb) target create "/usr/local/bin/k5start" --core "0.k5start.98404.co= re" Core file '/tmp/0.k5start.98404.core' (x86_64) was loaded. (lldb) bt * thread #1, name =3D 'k5start', stop reason =3D signal SIGSEGV * frame #0: 0x0000000825446c7f libcrypto.so.30`EVP_Cipher(ctx=3D0x0000= 0a6d97eb4d80, out=3D"\xba\U00000004\x82Q\x96\x99{\xd00\U0000001a\xa0\U00= 000011\U00000018\U0000000f20231214010802Z\xa1\U00000005\U00000002\U00000= 003\f[X\xb6:=C7=96\xff\xff\xff\U0000001f", in=3D"\xba\U00000004\x82Q\x96= \x99{\xd00\U0000001a\xa0\U00000011\U00000018\U0000000f20231214010802Z\xa= 1\U00000005\U00000002\U00000003\f[X\xb6:=C7=96\xff\xff\xff\U0000001f", i= nl=3D36) at evp_lib.c:406:27 frame #1: 0x00000008236be4b6 libkrb5.so.11`ARCFOUR_encrypt [inlined]= ARCFOUR_subencrypt(context=3D0x00000a6d97e1b000, key=3D, d= ata=3D0x00000a6d97ed14c0, len=3D, usage=3D, iv= ec=3D) at crypto-arcfour.c:184:5 frame #2: 0x00000008236be352 libkrb5.so.11`ARCFOUR_encrypt(context=3D= 0x00000a6d97e1b000, key=3D, data=3D0x00000a6d97ed14c0, len=3D= , encryptp=3D, usage=3D, ivec=3D<= unavailable>) at crypto-arcfour.c:311:9 frame #3: 0x00000008236c2ac8 libkrb5.so.11`krb5_encrypt_ivec [inline= d] encrypt_internal_special(context=3D0x00000a6d97e1b000, crypto=3D0x000= 00a6d97e2d8f0, usage=3D1, data=3D0x00000a6d97ecf920, len=3D28, result=3D= 0x0000000820f32d08, ivec=3D) at crypto.c:969:11 frame #4: 0x00000008236c2a39 libkrb5.so.11`krb5_encrypt_ivec(context= =3D0x00000a6d97e1b000, crypto=3D0x00000a6d97e2d8f0, usage=3D1, data=3D0x= 00000a6d97ecf920, len=3D28, result=3D0x0000000820f32d08, ivec=3D0x000000= 0000000000) at crypto.c:1761:9 frame #5: 0x00000008236c2e65 libkrb5.so.11`krb5_encrypt_EncryptedDat= a [inlined] krb5_encrypt(context=3D, crypto=3D0x00000a6d97e= 2d8f0, usage=3D, data=3D, len=3D,= result=3D0x0000000820f32d08) at crypto.c:1775:12 frame #6: 0x00000008236c2e52 libkrb5.so.11`krb5_encrypt_EncryptedDat= a(context=3D0x00000a6d97e1b000, crypto=3D0x00000a6d97e2d8f0, usage=3D1, = data=3D0x00000a6d97ecf920, len=3D, kvno=3D0, result=3D0x000= 0000820f32cf8) at crypto.c:1793:12 frame #7: 0x00000008236d32c5 libkrb5.so.11`add_enc_ts_padata [inline= d] make_pa_enc_timestamp(context=3D0x00000a6d97e1b000, md=3D0x00000a6d97= ed5000, etype=3D, key=3D0x00000a6d97ecfa00) at init_creds_p= w.c:954:11 frame #8: 0x00000008236d3211 libkrb5.so.11`add_enc_ts_padata(context= =3D0x00000a6d97e1b000, md=3D0x00000a6d97ed5000, client=3D, = keyproc=3D(libkrb5.so.11`keytab_key_proc at init_creds_pw.c:1479), keyse= ed=3D0x00000a6d97e20180, enctypes=3D0x00000a6d97e2d8c0, netypes=3D1, sal= t=3D0x00000a6d97e2d8c8, s2kparams=3D0x0000000000000000) at init_creds_pw= .c:1018:8 frame #9: 0x00000008236d15da libkrb5.so.11`krb5_init_creds_step [inl= ined] pa_data_to_md_ts_enc(context=3D0x00000a6d97e1b000, a=3D0x00000a6d9= 7e5a0d0, client=3D, ctx=3D0x00000a6d97e5a000, ppaid=3D0x000= 00a6d97e2d8c0, md=3D0x00000a6d97ed5000) at init_creds_pw.c:1040:2 frame #10: 0x00000008236d15a6 libkrb5.so.11`krb5_init_creds_step at = init_creds_pw.c:1224:2 frame #11: 0x00000008236d156d libkrb5.so.11`krb5_init_creds_step(con= text=3D0x00000a6d97e1b000, ctx=3D0x00000a6d97e5a000, in=3D0x0000000820f3= 3028, out=3D0x0000000820f33018, hostinfo=3D0x0000000000000000, flags=3D0= x0000000820f33014) at init_creds_pw.c:1816:11 frame #12: 0x00000008236d1caf libkrb5.so.11`krb5_init_creds_get(cont= ext=3D0x00000a6d97e1b000, ctx=3D0x00000a6d97e5a000) at init_creds_pw.c:1= 928:8 frame #13: 0x00000008236d29de libkrb5.so.11`krb5_get_init_creds_keyt= ab(context=3D0x00000a6d97e1b000, creds=3D0x0000000820f33100, client=3D, keytab=3D0x00000a6d97e2f000, start_time=3D, in= _tkt_service=3D"krbtgt/ABC.EXAMPLE.COM@ABC.EXAMPLE.COM", options=3D0x000= 00a6d97e10440) at init_creds_pw.c:2136:11 frame #14: 0x00000000002068f2 k5start`___lldb_unnamed_symbol208 + 690 frame #15: 0x00000000002053e6 k5start`___lldb_unnamed_symbol202 + 182 frame #16: 0x0000000000206609 k5start`___lldb_unnamed_symbol207 + 26= 17 frame #17: 0x00000008287f7afa libc.so.7`__libc_start1(argc=3D11, arg= v=3D0x0000000820f338c0, env=3D0x0000000820f33920, cleanup=3D, mainX=3D(k5start`___lldb_unnamed_symbol207)) at libc_start1.c:157:7 frame #18: 0x0000000000205240 k5start`___lldb_unnamed_symbol198 + 48 --=20 Dan Langille dan@langille.org