Re: bug in NSS ?

2003-10-21 Thread
> > > my /usr/local/lib/sasl2/Sendmail.conf:
> > > pwcheck_method: auxprop
> > > auxprop_plugin: sasldb
> > Is the Sendmail.conf file the same as the FreeBSD file on the Solaris 8
> > system?

Yes, of course. On the Solaris 8 box and the FreeBSD box I have an identical
configuration.

> Does sasldblistusers2 on the Solaris 8 system list the test user in the
> sasldb file?  If it does, is there a test user in the FreeBSD sasldb file?

yes.

# sasldblistusers2
[EMAIL PROTECTED]: userPassword
[EMAIL PROTECTED]: userPassword

On FreeBSD and Solaris I can successfully authenticate any user from sasldb
via SMTP with sendmail:

# perl -e 'use MIME::Base64; print encode_base64("test\0test\0test");'
dGVzdAB0ZXN0AHRlc3Q=

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003
13:29:41 +0400 (MSD)
ehlo test
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
235 2.0.0 OK Authenticated
quit
221 2.0.0 server.komi.mts.ru closing connection
Connection closed by foreign host.

But user test (from ldap) on FreeBSD cannot send mail from the command line via
/usr/bin/mail or /usr/sbin/sendmail (if the MSP uses AUTH):

%id
uid=1000(test) gid=1000(test) groups=1000(test)

%date | /usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003
13:44:57 +0400 (MSD)
 EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
 QUIT
221 2.0.0 server.komi.mts.ru closing connection
root... Deferred: Temporary AUTH failure
Closing connection to [127.0.0.1]

On Solaris this works fine.

And any user from /etc/passwd can successfully send mail from the command line
via /usr/bin/mail or /usr/sbin/sendmail (if the MSP uses AUTH) on Solaris and
FreeBSD:

$ id
uid=70(pgsql) gid=70(pgsql) groups=70(pgsql)

$ date|/usr/sbin/sendmail -v root
root... Connecting to [127.0.0.1] via relay...
220 server.komi.mts.ru ESMTP Sendmail 8.12.10/8.12.10; Tue, 21 Oct 2003
13:51:05 +0400 (MSD)
 EHLO server.komi.mts.ru
250-server.komi.mts.ru Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250-DELIVERBY
250 HELP
 AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
235 2.0.0 OK Authenticated
 MAIL From:[EMAIL PROTECTED] SIZE=29
[EMAIL PROTECTED]
250 2.1.0 [EMAIL PROTECTED]... Sender ok
 RCPT To:[EMAIL PROTECTED]
 DATA
250 2.1.5 [EMAIL PROTECTED]... Recipient ok
354 Enter mail, end with . on a line by itself
 .
250 2.0.0 h9L9p5XM000790 Message accepted for delivery
root... Sent (h9L9p5XM000790 Message accepted for delivery)
Closing connection to [127.0.0.1]
 QUIT
221 2.0.0 server.komi.mts.ru closing connection

AUTH PLAIN c21tc3AAc21tc3AAc21tc3A= is the authinfo for user smmsp
(smmsp\0smmsp\0smmsp):

# perl -e 'use MIME::Base64; print decode_base64("c21tc3AAc21tc3AAc21tc3A="), "\n";'
smmspsmmspsmmsp

Why does auth work for local users and not work for nss_ldap users?

Thanks!

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]
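
The AUTH PLAIN tokens in the sessions above are only base64 of `authzid\0authcid\0passwd`, so a posted transcript discloses the password to every reader. The following is an added example, not part of the original thread: it decodes a SASL PLAIN token per RFC 4616 and redacts such tokens from a transcript before it is shared. The sample transcript is constructed from lines shaped like those in the post, and the function names are this example's own.

```python
import base64
import binascii
import re

# Constructed sample, shaped like the SMTP sessions quoted in the post.
SAMPLE_TRANSCRIPT = """\
250-AUTH CRAM-MD5 DIGEST-MD5 NTLM LOGIN PLAIN
250 HELP
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
235 2.0.0 OK Authenticated
 AUTH PLAIN c21tc3AAc21tc3AAc21tc3A=
235 2.0.0 OK Authenticated
"""

# A client command line, optionally indented or prefixed with ">>> ".
AUTH_PLAIN_RE = re.compile(
    r"^([ \t]*(?:>>>[ \t]*)?AUTH PLAIN )(\S+)[ \t]*$", re.I | re.M)


def decode_sasl_plain(token):
    """Decode base64([authzid] NUL authcid NUL passwd) per RFC 4616.

    Returns (authzid, authcid, passwd); raises ValueError if malformed.
    """
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("token is not valid base64") from exc
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid, authcid, passwd


def redact_transcript(text):
    """Replace each AUTH PLAIN token with a label that names only the login."""
    def _sub(match):
        try:
            _, authcid, _ = decode_sasl_plain(match.group(2))
            label = f"[REDACTED PLAIN credentials for {authcid}]"
        except ValueError:
            label = "[REDACTED undecodable AUTH PLAIN token]"
        return match.group(1) + label
    return AUTH_PLAIN_RE.sub(_sub, text)
```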


Re: bug in NSS ?

2003-10-20 Thread Scot W. Hetzel
From:[EMAIL PROTECTED]
> I have a problem with nss_ldap on FreeBSD.
> After transferring users from /etc/passwd to ldap directories my users cannot
> send a mail via /usr/bin/mail | /usr/sbin/sendmail  program:

:
> Any ideas ?

What are the contents of the /usr/local/lib/sasl*/Sendmail.conf file?

Is pwcheck_method set to saslauthd, or sasldb?

If it is set to saslauthd, what flags do you use for it (-a pam or -a ldap)?

Scot



Re: bug in NSS ?

2003-10-20 Thread Alex Deiter
> > I have a problem with nss_ldap on FreeBSD.
> > After transferring users from /etc/passwd to ldap directories my users cannot
> > send a mail via /usr/bin/mail | /usr/sbin/sendmail  program:
>
> What are the contents of the /usr/local/lib/sasl*/Sendmail.conf file?
> Is pwcheck_method set to saslauthd, or sasldb?
> If it is set to saslauthd, what flags do you use for it (-a pam or -a
> ldap)?

my /usr/local/lib/sasl2/Sendmail.conf:
pwcheck_method: auxprop
auxprop_plugin: sasldb

Thanks!



Re: bug in NSS ?

2003-10-20 Thread Scot W. Hetzel
From: Alex Deiter [EMAIL PROTECTED]
> > > I have a problem with nss_ldap on FreeBSD.
> > > After transferring users from /etc/passwd to ldap directories my users
> > > cannot send a mail via /usr/bin/mail | /usr/sbin/sendmail  program:
> >
> > What are the contents of the /usr/local/lib/sasl*/Sendmail.conf file?
> > Is pwcheck_method set to saslauthd, or sasldb?
> > If it is set to saslauthd, what flags do you use for it (-a pam or -a
> > ldap)?
>
> my /usr/local/lib/sasl2/Sendmail.conf:
> pwcheck_method: auxprop
> auxprop_plugin: sasldb

Is the Sendmail.conf file the same as the FreeBSD file on the Solaris 8
system?

How is saslauthd started on both systems (-a pam, -a sasldb, -a ldap)?

Scot



Re: bug in NSS ?

2003-10-20 Thread Scot W. Hetzel
From: Scot W. Hetzel [EMAIL PROTECTED]
> From: Alex Deiter [EMAIL PROTECTED]
> > > > I have a problem with nss_ldap on FreeBSD.
> > > > After transferring users from /etc/passwd to ldap directories my users
> > > > cannot send a mail via /usr/bin/mail | /usr/sbin/sendmail  program:
> >
> > > What are the contents of the /usr/local/lib/sasl*/Sendmail.conf file?
> > > Is pwcheck_method set to saslauthd, or sasldb?
> > > If it is set to saslauthd, what flags do you use for it (-a pam or -a
> > > ldap)?
> >
> > my /usr/local/lib/sasl2/Sendmail.conf:
> > pwcheck_method: auxprop
> > auxprop_plugin: sasldb
>
> Is the Sendmail.conf file the same as the FreeBSD file on the Solaris 8
> system?

Does sasldblistusers2 on the Solaris 8 system list the test user in the
sasldb file?  If it does, is there a test user in the FreeBSD sasldb file?

> How is saslauthd started on both systems (-a pam, -a sasldb, -a ldap)?


Scot



Bug in nss compat code?

2003-08-14 Thread James F. Hranicky
I think I've found a few bugs in the NSS code for FreeBSD 5.1. I'm not
sure of the best way to split them up, so I'll list them all here.

FreeBSD version:
  % uname -a
  FreeBSD myrtle 5.1-CURRENT FreeBSD 5.1-CURRENT #1: 
  Mon Aug 11 17:15:47 EDT 2003 
  [EMAIL PROTECTED]:/private/freebsd-src/obj/private/freebsd-src/src/sys/CISEKERN
  i386

 1) getnetgrent still seems to ignore the NIS netgroup maps and only uses
/etc/netgroup. A '+' as the only entry in /etc/netgroup does not force
an NIS netgroup map lookup. This bug has been reported in the 4.x tree
as well.

 2) There's an odd bug in sshd/nss when the following are configured:

- nsswitch.conf
    passwd: compat

- sshd_config
    ChallengeResponseAuthentication yes (default)
    HostbasedAuthentication yes

When /etc/netgroup doesn't exist, the sshd hangs when logging in with
HostbasedAuthentication:

[EMAIL PROTECTED]:~ # gdb /usr/sbin/sshd
GNU gdb 5.2.1 (FreeBSD)
(gdb) run -d -p 987

[ some debugging output deleted for readability]

debug1: KEX done
debug1: userauth-request for user jfh service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for jfh
debug1: PAM: setting PAM_RHOST to waterspout.cise.ufl.edu
Failed none for jfh from 128.227.205.52 port 47962 ssh2
Failed none for jfh from 128.227.205.52 port 47962 ssh2
debug1: userauth-request for user jfh service ssh-connection method hostbased
debug1: attempt 1 failures 1
debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg 
ssh-dss slen 55
Failed hostbased for jfh from 128.227.205.52 port 47962 ssh2
debug1: userauth-request for user jfh service ssh-connection method hostbased
debug1: attempt 2 failures 2
debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg 
ssh-rsa slen 143
Failed hostbased for jfh from 128.227.205.52 port 47962 ssh2
debug1: userauth-request for user jfh service ssh-connection method 
keyboard-interactive
debug1: attempt 3 failures 3
debug1: keyboard-interactive devs 
debug1: auth2_challenge: user=jfh devs=
debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
^C
Program received signal SIGINT, Interrupt.
0x282e987f in read () at {standard input}:15
15  {standard input}: No such file or directory.
in {standard input}
Current language:  auto; currently asm
(gdb) Quit
(gdb) where
#0  0x282e987f in read () at {standard input}:15
#1  0x281409ab in atomicio (f=0x5, fd=-1077940208, _s=0xbfbff038, n=674583073)
at /private/freebsd-src/src/crypto/openssh/atomicio.c:45
#2  0x281286a9 in ssh_msg_recv (fd=5, m=0xbfbff010) at 
/private/freebsd-src/src/crypto/openssh/msg.c:58
#3  0x08062bb5 in pam_query (ctx=0x807a870, name=0x7, info=0x7, 
num=0xbfbff064, prompts=0xbfbff068, 
echo_on=0xbfbff06c) at 
/private/freebsd-src/src/crypto/openssh/auth2-pam-freebsd.c:397
#4  0x0805ef2a in mm_answer_pam_query (socket=3, m=0xbfbff0a0)
at /private/freebsd-src/src/crypto/openssh/monitor.c:799
#5  0x0805e51a in monitor_read (pmonitor=0x8075580, ent=0x8070320, 
pent=0xbfbff0ec)
at /private/freebsd-src/src/crypto/openssh/monitor.c:388
#6  0x0805e208 in monitor_child_preauth (pmonitor=0x8075580)
at /private/freebsd-src/src/crypto/openssh/monitor.c:301
#7  0x0804ed1f in privsep_preauth () at 
/private/freebsd-src/src/crypto/openssh/sshd.c:605
#8  0x0805087a in main (ac=47962, av=0x807a7b0) at 
/private/freebsd-src/src/crypto/openssh/sshd.c:1523
#9  0x0804e1a2 in _start (ap=0xbfbffb24 /usr/sbin/sshd)
at /private/freebsd-src/src/lib/csu/i386-elf/crt1.c:104

With either ChallengeResponseAuthentication or HostbasedAuthentication
disabled, I'm prompted for a password. With both enabled, sshd hangs
here, and I'm never prompted for a password on the client side.

However, if /etc/netgroup does exist and is populated with netgroup info, I 
get a core dump in sshd:

(gdb) run -d -p 987
[ ... ] 
debug1: KEX done
debug1: userauth-request for user jfh service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for jfh
debug1: PAM: setting PAM_RHOST to waterspout.cise.ufl.edu
Failed none for jfh from 128.227.205.52 port 47968 ssh2
Failed none for jfh from 128.227.205.52 port 47968 ssh2
debug1: userauth-request for user jfh service ssh-connection method hostbased
debug1: attempt 1 failures 1
debug1: userauth_hostbased: cuser jfh chost waterspout.cise.ufl.edu. pkalg 
ssh-dss slen