Re: openldap client GSSAPI authentication segfaults in fbsd8stablei386

Fri, 16 Jul 2010 04:33:48 -0700 

Thanks.  Most of this worked, except the following:

[SNIP]

Which worked.  I hope this was the right thing to do.



My bad there, I was slightly pressed for time and did not check if 
default cyrus documentation was sane in freebsd context - what you did 
was quite correct.



However, upon startup, I now see the following in all.log:

[SNIP]

I'm not sure if this feature is needed for reproducing the crash, 
so I
modified cyrus.conf and commented the line out, then restarted 
imapd,

which got me:



Yep, idled can be disabled as far as I'm aware, so nothing drastic 
there either.



Then for the final test:

testbox# cyradm
cyradm> quit
testbox# cyradm localhost
Password:

Where I hit enter/blank, which got me:

Login disabled.
cyradm: cannot authenticate to server with  as root
testbox#

And no sign of a crash.

So what's next?



I forgot to check all.log.  It contains errors.  Hopefully someone 
will

know what to do about this:

Jul 16 04:03:50 testbox imap[1619]: executed
Jul 16 04:03:50 testbox imap[1619]: accepted connection

Jul 16 04:03:50 testbox imap[1619]: OTP unavailable because can't 
read/write key database /etc/opiekeys: Permission denied
Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox imap[1619]: 
OTP unavailable because can't read/write key database /etc/opiekeys: 
Permission denied
Jul 16 04:03:50 testbox perl: GSSAPI Error:  Miscellaneous failure 
(see text) (unknown mech-code 2 for mech unknown)
Jul 16 04:03:50 testbox kernel: Jul 16 04:03:50 testbox perl: GSSAPI 
Error:  Miscellaneous failure (see text) (unknown mech-code 2 for 
mech unknown)

Jul 16 04:03:50 testbox perl: DIGEST-MD5 client step 2

Jul 16 04:04:00 testbox imap[1619]: badlogin: localhost [127.0.0.1] 
DIGEST-MD5 [SASL(-17): One time use of a plaintext password will 
enable requested mechanism for user: no secret in database]

Jul 16 04:04:03 testbox perl: NTLM client step 1
Jul 16 04:04:03 testbox imap[1619]: NTLM server step 1
Jul 16 04:04:03 testbox imap[1619]: client flags: 207
Jul 16 04:04:03 testbox perl: NTLM client step 2
Jul 16 04:04:03 testbox perl: No worthy mechs found

Jul 16 04:04:03 testbox kernel: Jul 16 04:04:03 testbox perl: No 
worthy mechs found



You can move the surplus mechs (libopie*, libntlm*) from 
/usr/local/lib/sasl2 to for example /usr/local/lib/sasl2/disabled



check that you have the following in /etc/rc.conf and restart 
saslauthd afterwards


saslauthd_enable="YES"
saslauthd_flags="-a pam"


-Reko 


_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"



























					Reply via email to