openldap client GSSAPI authentication segfaults in fbsd8stablei386
Reko Turja
reko.turja at liukuma.net
Fri Jul 16 11:33:20 UTC 2010
>> Thanks. Most of this worked, except the following:
[SNIP]
>> Which worked. I hope this was the right thing to do.
My bad there. I was slightly pressed for time and did not check whether
the default Cyrus documentation was sane in a FreeBSD context. What you
did was quite correct.
>> However, upon startup, I now see the following in all.log:
[SNIP]
>> I'm not sure if this feature is needed for reproducing the crash, so I
>> modified cyrus.conf and commented the line out, then restarted imapd,
>> which got me:
Yep, idled can be disabled as far as I'm aware, so nothing drastic
there either.
>> Then for the final test:
>>
>> testbox# cyradm
>> cyradm> quit
>> testbox# cyradm localhost
>> Password:
>>
>> Where I hit enter/blank, which got me:
>>
>> Login disabled.
>> cyradm: cannot authenticate to server with as root
>> testbox#
>>
>> And no sign of a crash.
>>
>> So what's next?
>
> I forgot to check all.log. It contains errors. Hopefully someone will
> know what to do about this:
>
> Jul 16 04:03:50 testbox imap[1619]: executed
> Jul 16 04:03:50 testbox imap[1619]: accepted connection
> Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jul 16 04:03:50 testbox perl: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
> Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox perl: GSSAPI Error: Miscellaneous failure (see text) (unknown mech-code 2 for mech unknown)
> Jul 16 04:03:50 testbox perl: DIGEST-MD5 client step 2
> Jul 16 04:04:00 testbox imap[1619]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-17): One time use of a plaintext password will enable requested mechanism for user: no secret in database]
> Jul 16 04:04:03 testbox perl: NTLM client step 1
> Jul 16 04:04:03 testbox imap[1619]: NTLM server step 1
> Jul 16 04:04:03 testbox imap[1619]: client flags: 207
> Jul 16 04:04:03 testbox perl: NTLM client step 2
> Jul 16 04:04:03 testbox perl: No worthy mechs found
> Jul 16 04:04:03 testbox kernel: Jul 16 04:04:03 testbox perl: No worthy mechs found
You can move the surplus mechs (libopie*, libntlm*) from
/usr/local/lib/sasl2 to, for example, /usr/local/lib/sasl2/disabled.
Check that you have the following in /etc/rc.conf and restart
saslauthd afterwards:

saslauthd_enable="YES"
saslauthd_flags="-a pam"

-Reko
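
The steps described in the message above as a POSIX sh script. This is an added example, not part of the original message; the SASL_DIR and RC_CONF overrides, the function names and the `apply` argument are assumptions of this example, made so the script can be tried against a scratch directory first.

```shell
#!/bin/sh
# Added example: park unused Cyrus SASL plugins and verify saslauthd settings.
# Defaults are the paths named in the message; the environment overrides are
# an assumption of this example.
SASL_DIR="${SASL_DIR:-/usr/local/lib/sasl2}"
RC_CONF="${RC_CONF:-/etc/rc.conf}"

# Move every plugin file whose name starts with one of the given prefixes
# into $SASL_DIR/disabled. Prints the number of files moved.
disable_mechs() {
    moved=0
    mkdir -p "$SASL_DIR/disabled" || return 1
    for prefix in "$@"; do
        for f in "$SASL_DIR/$prefix"*; do
            [ -f "$f" ] || continue          # glob matched nothing
            mv "$f" "$SASL_DIR/disabled/" || return 1
            moved=$((moved + 1))
        done
    done
    echo "$moved"
}

# Succeed only if both saslauthd lines are present and not commented out.
check_rc_conf() {
    grep -Eq '^[[:space:]]*saslauthd_enable="YES"' "$RC_CONF" &&
    grep -Eq '^[[:space:]]*saslauthd_flags="-a pam"' "$RC_CONF"
}

# Only act when explicitly asked to, e.g.: sh thisscript.sh apply
if [ "${1:-}" = "apply" ]; then
    n=$(disable_mechs libopie libntlm) || exit 1
    echo "moved $n plugin file(s) to $SASL_DIR/disabled"
    if ! check_rc_conf; then
        echo "saslauthd_enable / saslauthd_flags missing in $RC_CONF" >&2
        exit 1
    fi
    echo "$RC_CONF is fine; restart saslauthd now"
fi
```

Running it a second time moves nothing, and the other mechanisms in the plugin directory are left in place.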