
Re: GSSAPI on sparc64 (ITS#3054)



From the information you provide, it is unclear whether the
problem lies with OpenLDAP Software or with Cyrus SASL or
at a lower level (GSSAPI/Kerberos).  You also did not say
which version of Cyrus SASL nor which flavor/version of
Kerberos you were using.  I suggest you try the latest
Cyrus SASL libraries with the latest Heimdal Kerberos
libraries.

Kurt

At 02:38 PM 4/2/2004, tiamat@komi.mts.ru wrote:
>Full_Name: Alex Deiter
>Version: 2.2.8
>OS: FreeBSD
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (212.44.140.14)
>
>
>GSSAPI authentication doesn't work on FreeBSD 5.2.1 sparc64:
>
># klist
>Credentials cache: FILE:/tmp/krb5cc_0
>        Principal: tiamat@KOMI.MTS.RU
>
>  Issued           Expires          Principal
>Apr  3 02:28:45  Apr  3 12:24:54  krbtgt/KOMI.MTS.RU@KOMI.MTS.RU
>
># ldapsearch -d 1 -LLL -Y GSSAPI
>ldap_create
>ldap_sasl_interactive_bind_s: user selected: GSSAPI
>ldap_int_sasl_bind: GSSAPI
>ldap_new_connection
>ldap_int_open_connection
>ldap_connect_to_host: TCP localhost:389
>ldap_new_socket: 3
>ldap_prepare_socket: 3
>ldap_connect_to_host: Trying ::1 389
>ldap_connect_timeout: fd: 3 tm: -1 async: 0
>ldap_ndelay_on: 3
>ldap_is_sock_ready: 3
>ldap_ndelay_off: 3
>ldap_int_sasl_open: host=selma.komi.mts.ru
>SASL/GSSAPI authentication started
>ldap_sasl_bind_s
>ldap_sasl_bind
>ldap_send_initial_request
>ldap_send_server_request
>ber_flush: 585 bytes to sd 3
>ldap_result msgid 1
>ldap_chkResponseList for msgid=1, all=1
>ldap_chkResponseList returns NULL
>wait4msg (infinite timeout), msgid 1
>wait4msg continue, msgid 1, all 1
>** Connections:
>* host: localhost  port: 389  (default)
>  refcnt: 2  status: Connected
>  last used: Sat Apr  3 02:26:05 2004
>
>** Outstanding Requests:
> * msgid 1,  origid 1, status InProgress
>   outstanding referrals 0, parent count 0
>** Response Queue:
>   Empty
>ldap_chkResponseList for msgid=1, all=1
>ldap_chkResponseList returns NULL
>ldap_int_select
>read1msg: msgid 1, all 1
>ber_get_next
>ber_get_next: tag 0x30 len 124 contents:
>ldap_read: message type bind msgid 1, original id 1
>ber_scanf fmt ({iaa) ber:
>read1msg:  0 new referrals
>read1msg:  mark request completed, id = 1
>request 1 done
>res_errno: 0, res_error: <>, res_matched: <>
>ldap_free_request (origid 1, msgid 1)
>ldap_free_connection
>ldap_free_connection: refcnt 1
>ldap_parse_sasl_bind_result
>ber_scanf fmt ({iaa) ber:
>ber_scanf fmt (O) ber:
>ldap_parse_result
>ber_scanf fmt ({iaa) ber:
>ber_scanf fmt (x) ber:
>ber_scanf fmt (}) ber:
>ldap_msgfree
>sasl_client_step: 1
>ldap_sasl_bind_s
>ldap_sasl_bind
>ldap_send_initial_request
>ldap_send_server_request
>ber_flush: 22 bytes to sd 3
>ldap_result msgid 2
>ldap_chkResponseList for msgid=2, all=1
>ldap_chkResponseList returns NULL
>wait4msg (infinite timeout), msgid 2
>wait4msg continue, msgid 2, all 1
>** Connections:
>* host: localhost  port: 389  (default)
>  refcnt: 2  status: Connected
>  last used: Sat Apr  3 02:26:05 2004
>
>** Outstanding Requests:
> * msgid 2,  origid 2, status InProgress
>   outstanding referrals 0, parent count 0
>** Response Queue:
>   Empty
>ldap_chkResponseList for msgid=2, all=1
>ldap_chkResponseList returns NULL
>ldap_int_select
>read1msg: msgid 2, all 1
>ber_get_next
>ber_get_next: tag 0x30 len 79 contents:
>ldap_read: message type bind msgid 2, original id 2
>ber_scanf fmt ({iaa) ber:
>read1msg:  0 new referrals
>read1msg:  mark request completed, id = 2
>request 2 done
>res_errno: 0, res_error: <>, res_matched: <>
>ldap_free_request (origid 2, msgid 2)
>ldap_free_connection
>ldap_free_connection: refcnt 1
>ldap_parse_sasl_bind_result
>ber_scanf fmt ({iaa) ber:
>ber_scanf fmt (O) ber:
>ldap_parse_result
>ber_scanf fmt ({iaa) ber:
>ber_scanf fmt (x) ber:
>ber_scanf fmt (}) ber:
>ldap_msgfree
>sasl_client_step: 0
>ldap_sasl_bind_s
>ldap_sasl_bind
>ldap_send_initial_request
>ldap_send_server_request
>ber_flush: 89 bytes to sd 3
>ldap_result msgid 3
>ldap_chkResponseList for msgid=3, all=1
>ldap_chkResponseList returns NULL
>wait4msg (infinite timeout), msgid 3
>wait4msg continue, msgid 3, all 1
>** Connections:
>* host: localhost  port: 389  (default)
>  refcnt: 2  status: Connected
>  last used: Sat Apr  3 02:26:05 2004
>
>** Outstanding Requests:
> * msgid 3,  origid 3, status InProgress
>   outstanding referrals 0, parent count 0
>** Response Queue:
>   Empty
>ldap_chkResponseList for msgid=3, all=1
>ldap_chkResponseList returns NULL
>ldap_int_select
>read1msg: msgid 3, all 1
>ber_get_next
>ber_get_next: tag 0x30 len 12 contents:
>ldap_read: message type bind msgid 3, original id 3
>ber_scanf fmt ({iaa) ber:
>read1msg:  0 new referrals
>read1msg:  mark request completed, id = 3
>request 3 done
>res_errno: 0, res_error: <>, res_matched: <>
>ldap_free_request (origid 3, msgid 3)
>ldap_free_connection
>ldap_free_connection: refcnt 1
>ldap_parse_sasl_bind_result
>ber_scanf fmt ({iaa) ber:
>ldap_parse_result
>ber_scanf fmt ({iaa) ber:
>ber_scanf fmt (}) ber:
>ldap_msgfree
>SASL username: tiamat@KOMI.MTS.RU
>SASL SSF: 56
>SASL installing layers
>ldap_pvt_sasl_install
>ldap_search_ext
>put_filter: "(objectclass=*)"
>put_filter: simple
>put_simple_filter: "objectclass=*"
>ldap_send_initial_request
>ldap_send_server_request
>ber_flush: 39 bytes to sd 3
>ldap_free_request (origid 4, msgid 4)
>ldap_free_connection
>ldap_free_connection: refcnt 1
>ldap_err2string
>ldapsearch: ldap_search_ext: Can't contact LDAP server (-1)
>ldap_free_connection
>ldap_send_unbind
>ber_flush: 7 bytes to sd 3
>ldap_free_connection: actually freed
>
>slapd log:
>
>Apr  3 02:27:21 selma slapd[83832]: do_bind
>Apr  3 02:27:21 selma slapd[83832]: >>> dnPrettyNormal: <>
>Apr  3 02:27:21 selma slapd[83832]: <<< dnPrettyNormal: <>, <>
>Apr  3 02:27:21 selma slapd[83832]: do_sasl_bind: dn () mech GSSAPI
>Apr  3 02:27:21 selma slapd[83832]: conn=12 op=0 BIND dn="" method=163
>Apr  3 02:27:21 selma slapd[83832]: ==> sasl_bind: dn="" mech=GSSAPI
>datalen=553
>....
>Apr  3 02:27:21 selma slapd[83832]: send_ldap_sasl: err=14 len=110
>Apr  3 02:27:21 selma slapd[83832]: send_ldap_response: msgid=1 tag=97 err=14
>Apr  3 02:27:21 selma slapd[83832]: <== slap_sasl_bind: rc=14
>....
>Apr  3 02:27:21 selma slapd[83832]: do_bind
>Apr  3 02:27:21 selma slapd[83832]: >>> dnPrettyNormal: <>
>Apr  3 02:27:21 selma slapd[83832]: <<< dnPrettyNormal: <>, <>
>Apr  3 02:27:21 selma slapd[83832]: do_sasl_bind: dn () mech GSSAPI
>Apr  3 02:27:21 selma slapd[83832]: conn=12 op=1 BIND dn="" method=163
>Apr  3 02:27:21 selma slapd[83832]: ==> sasl_bind: dn="" mech=<continuing>
>datalen=0
>Apr  3 02:27:21 selma slapd[83832]: send_ldap_sasl: err=14 len=65
>Apr  3 02:27:21 selma slapd[83832]: send_ldap_response: msgid=2 tag=97 err=14
>Apr  3 02:27:21 selma slapd[83832]: <== slap_sasl_bind: rc=14
>....
>Apr  3 02:27:21 selma slapd[83832]: do_bind
>Apr  3 02:27:21 selma slapd[83832]: >>> dnPrettyNormal: <>
>Apr  3 02:27:21 selma slapd[83832]: <<< dnPrettyNormal: <>, <>
>Apr  3 02:27:21 selma slapd[83832]: do_sasl_bind: dn () mech GSSAPI
>Apr  3 02:27:21 selma slapd[83832]: conn=12 op=2 BIND dn="" method=163
>Apr  3 02:27:21 selma slapd[83832]: >>> dnNormalize:
><uid=tiamat,cn=GSSAPI,cn=auth>
>Apr  3 02:27:21 selma slapd[83832]: daemon: activity on 1 descriptors
>Apr  3 02:27:21 selma slapd[83832]: daemon: activity on:
>
>But cyrus-sasl-2.1.18/sample client/server works fine:
>
># ./server -p 777 -s ldap
>trying 28, 1, 6
>trying 2, 1, 6
>accepted new connection
>send: {57}
>NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
>recv: {6}
>GSSAPI
>recv: {1}
>Y
>recv: {553}
>send: {110}
>`l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]D;[B2]?[B9]y}{hy.[89][AB][BA]V[F4][82][17]}`[AA][5][D6][85]c[DD]b[9F]Y[C][FA]q[19][92][E1][AB][C4][D4][1D][14]b[F7]f[F]o[C7][F1][C8][AA][12][8A][93]%[EB][97][AC]k[5]m[E1][CC][E3][BD][E][AE][96][D4][CF]h
>recv: {0}
>
>send: {65}
>`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][D6]-[C3][93]Q[F1][FC]8+[EA]|Y[F4][13][86][87][F]D[C5]{[BA][1C]x;[90]4[AB]}[8C][13][A][C][86]l[9D]{[1][0][0][0][4][4][4][4]
>recv: {73}
>`G[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][6][F3]^}F[8F][8D]o[FD]][17]K[92]pr[C5][FB]:[8A][B6]K@1[8B][DF][E0][E0]>l[C2][90][8C][DC][F7]#[FE][1][0][0][0]tiamat[6][6][6][6][6][6]
>successful authentication 'tiamat'
>closing connection
>
># ./client -p 777 -s ldap -m GSSAPI selma
>receiving capability list... recv: {57}
>NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
>NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
>please enter an authorization id: tiamat
>send: {6}
>GSSAPI
>send: {1}
>Y
>send: {553}
>recv: {110}
>`l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]D;[B2]?[B9]y}{hy.[89][AB][BA]V[F4][82][17]}`[AA][5][D6][85]c[DD]b[9F]Y[C][FA]q[19][92][E1][AB][C4][D4][1D][14]b[F7]f[F]o[C7][F1][C8][AA][12][8A][93]%[EB][97][AC]k[5]m[E1][CC][E3][BD][E][AE][96][D4][CF]h
>send: {0}
>
>recv: {65}
>`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][D6]-[C3][93]Q[F1][FC]8+[EA]|Y[F4][13][86][87][F]D[C5]{[BA][1C]x;[90]4[AB]}[8C][13][A][C][86]l[9D]{[1][0][0][0][4][4][4][4]
>send: {73}
>`G[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][6][F3]^}F[8F][8D]o[FD]][17]K[92]pr[C5][FB]:[8A][B6]K@1[8B][DF][E0][E0]>l[C2][90][8C][DC][F7]#[FE][1][0][0][0]tiamat[6][6][6][6][6][6]
>successful authentication
>closing connection
>
>Thanks a lot!