
RE: slapd crashes with Kerberos passwords (ITS#2606)



Sounds like a Kerberos library bug. You didn't mention which version of
Kerberos you're using.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-bugs@OpenLDAP.org
> [mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of 444398@unizar.es

> Full_Name: Samuel Moñux
> Version: 2.1.20
> OS: Solaris 9/SPARC
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (80.58.47.235)
>
>
> I have observed that slapd dies on a Solaris 9 machine when performing simple
> binds with {Kerberos} passwords. It always happens at the *second attempt*.
> It's irrelevant if the binds are successful or not. If the first is
> successful it displays the requested data as usual, but not the second.
>
> - How to reproduce
>
>   * client: ldapsearch -x -D "cn=foo,ou=people,dc=xxx,dc=xxx,dc=xxx,dc=xx" -W "(uid=xxx)"
>
>   *  slapd executed as
> ${LDAP}/libexec/slapd -f /usr/local/ldap/etc/openldap/slapd.conf -d \
> 	255 -h ldap:/// ldaps:/// -s 256 -l local4 -4
>
>  * Last output:
>  [...]
> <= check a_dn_pat: uid=xxx.++realm=XXXXXXXXXXXXXXXXXXXX
> daemon: select timeout - yielding
> => string_expand: pattern:  uid=xxx.++realm=XXXXXXXXXXXXXXXXXXXX
> daemon: select: listen=7 active_threads=1 tvp=idle
> => string_expand: expanded: uid=xxx.++realm=XXXXXXXXXXXXXXXXXXXX
> daemon: select: listen=8 active_threads=1 tvp=idle
> daemon: select timeout - yielding
> => regex_matches: string:
> daemon: select: listen=7 active_threads=1 tvp=idle
> => regex_matches: rc: 1 no matches
> daemon: select: listen=8 active_threads=1 tvp=idle
> <= check a_dn_pat: anonymous
> daemon: select timeout - yielding
> <= acl_mask: [3] applying auth(=x) (stop)
> daemon: select: listen=7 active_threads=1 tvp=idle
> <= acl_mask: [3] mask: auth(=x)
> daemon: select: listen=8 active_threads=1 tvp=idle
> => access_allowed: auth access granted by auth(=x)
> daemon: select timeout - yielding
> daemon: select: listen=7 active_threads=1 tvp=idle
> daemon: select: listen=8 active_threads=1 tvp=idle
> daemon: select timeout - yielding
> daemon: select: listen=7 active_threads=1 tvp=idle
> daemon: select: listen=8 active_threads=1 tvp=idle
> daemon: select timeout - yielding
> daemon: select: listen=7 active_threads=1 tvp=idle
> ksh: 6993 Segmentation Fault(coredump)
>
> - core
>
> (gdb) where
> #0  0xff17b0ac in profile_node_iterator ()
> #1  0xff17d880 in profile_get_value ()
> #2  0xff17dad4 in profile_get_integer ()
> #3  0xff158b64 in init_common ()
> #4  0xff158960 in krb5_init_context ()
> #5  0xf5f24 in lutil_passwd_hash ()
> #6  0xf5058 in lutil_passwd ()
> #7  0x7f670 in slap_passwd_check ()
> #8  0xd8084 in ldbm_back_bind ()
> #9  0x6b8f4 in do_bind ()
> #10 0x4284c in connection_done ()
> #11 0xff338700 in ldap_int_thread_pool_wrapper ()
> (gdb) list
> warning: Source file is more recent than executable.
>
> 1       /* GSSAPI SASL plugin
> 2        * Leif Johansson
> 3        * Rob Siemborski (SASL v2 Conversion)
> 4        * $Id: gssapi.c,v 1.72 2003/03/31 22:07:32 rjs3 Exp $
> 5        */