[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: binding using password from kerberos v



Howard...

I don't know why it is looking for that nonexistent file.  But it turns
out that making a symlink in /usr/local/kerberos/etc/krb5.conf back to
/etc/krb5.conf seems to make it work.  Seems ok for now, but it smells a
little fishy; maybe it's worth looking into more at some point....

-steve

Howard Chu wrote:
> 
> What's in your /etc/krb5.conf and why does it keep trying to find the
> nonexistent /usr/local/kerberos/etc/krb5.conf?
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
> 
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Steven Hodges
> > Sent: Monday, January 28, 2002 3:17 PM
> > To: openldap-software@OpenLDAP.org
> > Subject: binding using password from kerberos v
> >
> >
> > Hello...
> >
> > I'm having difficulty getting openldap to allow a user to bind by
> > checking the userPassword against a kerberos V database.  When I
> > try to bind in this way, I get a core dump. At this point, I just
> > want to see if there are other people currently using this feature
> > of openldap, so that I can try to figure out whether it is something
> > I have misconfigured or some more general problem with the software.
> > If anyone has run into this and solved the problem, I would be most
> > grateful for suggestions...
> >
> > Here are some specifics of my configuration:
> >
> > openldap 2.0.18
> > cyrus sasl 1.5.24
> > openssl 0.9.6
> > berkeley db 3.2.9
> > kerberos V 1.2.2b
> > running on Solaris 8
> > compiled with Sun cc
> >
> > configured with the commands:
> >
> > >CFLAGS="-fast"
> >
> > >CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include
> >    -I/usr/local/kerberos/include"
> >
> > >LDFLAGS="-s -L/usr/local/lib -R/usr/local/lib -L/usr/local/ssl/lib
> >    -R/usr/local/ssl/lib -L/usr/local/kerberos/lib -R/usr/local/kerberos/lib"
> >
> > >./configure --prefix=/usr/local/ldap --enable-kpasswd --enable-spasswd
> >     --enable-wrappers --enable-dynamic --enable-rlookups --enable-cache
> >     --with-tls=openssl --with-kerberos=k5 --without-subdir
> >
> > Contents of the userPassword attribute for the user trying to bind
> > is userPassword:
> >    {KERBEROS}<myUsername>@<myRealm>
> >
> > Trussing the slapd process, the last things that happen before the
> > core dump are:
> >
> > stat("/etc/krb5.conf", 0xFE981750)              = 0
> > open("/etc/krb5.conf", O_RDONLY)                = 12
> > access("/etc/krb5.conf", 2)                     = 0
> > fstat64(12, 0xFE981588)                         = 0
> > brk(0x001713C8)                                 = 0
> > brk(0x001733C8)                                 = 0
> > ioctl(12, TCGETA, 0xFE981514)                   Err#25 ENOTTY
> > read(12, " [ l i b d e f a u l t s".., 8192)    = 449
> > brk(0x001733C8)                                 = 0
> > brk(0x001753C8)                                 = 0
> > read(12, 0x00170BCC, 8192)                      = 0
> > llseek(12, 0, SEEK_CUR)                         = 449
> > close(12)                                       = 0
> > stat("/usr/local/kerberos/etc/krb5.conf", 0xFE981750) Err#2 ENOENT
> > getpid()                                        = 15575 [1]
> > stat("/etc/krb5.conf", 0xFE9817A0)              = 0
> > stat("/usr/local/kerberos/etc/krb5.conf", 0xFE9817A0) Err#2 ENOENT
> > Incurred fault #6, FLTBOUNDS  %pc = 0xFF1610A0
> > siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> >     Received signal #11, SIGSEGV [caught]
> >       siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> > sigprocmask(SIG_SETMASK, 0xFEC6F010, 0x00000000) = 0
> > sigaction(SIGSEGV, 0xFE981338, 0x00000000)      = 0
> > sigprocmask(SIG_SETMASK, 0xFEC7ADE0, 0x00000000) = 0
> > setcontext(0xFE9814F0)
> > Incurred fault #6, FLTBOUNDS  %pc = 0xFF1610A0
> > siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> > Received signal #11, SIGSEGV [default]
> > siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> >         *** process killed ***
> >
> > If I left out relevant info, please ask...
> >
> > -steve hodges
> >