[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
slapd coredump with {Kerberos} passwords
Hi,
I have observed that slapd dies on a Solaris 9, when performing simple
binds with {Kerberos} style passwords. It *ever* happens at the second
attempt. It's irrelevant if the binds are successful or not(correct
password provided or not). If the first is successful it displays the
requested data normally, but not the second.
I need this kind of passwords in order to use pGINA authentication(with
LDAP-plugin) in a couple of Win2k boxes. I hope anybody can help me with
this.
I attach all information I think is relevant, gdb backtrace included.
Thanks in advance,
Samuel
----------------------------------------------------------------
* SunOS 5.9 Generic_112233-05 sun4u sparc SUNW,Sun-Fire-280R
* OpenLDAP
openldap-2.1.20
Compiled on Solaris 8, gcc 2.95.2 and WorkShop 6.1u5.2 cc
./configure \
--enable-debug --enable-syslog --enable-proctitle \
--enable-cache --enable-referrals \
--enable-wrappers \
--with-threads --enable-slapd \
--enable-crypt --enable-passwd \
--enable-rlookups --with-ssl=/usr/local/ssl \
--enable-wrappers --enable-dynamic --disable-dnssrv \
--enable-ldbm --enable-kpasswd --with-cyrus-sasl \
--enable-slurpd --enable-shared --with-tls \
--prefix=/usr/local/ldap
* slapd executed as:
${LDAP}/libexec/slapd -f /usr/local/ldap/etc/openldap/slapd.conf -d \
255 -h ldap:/// ldaps:/// -s 256 -l local4 -4
-> ouput:
[...]
<= check a_dn_pat: uid=xxx.++realm=XXXXXXXXXXXXXXXXXXXX
daemon: select timeout - yielding
=> string_expand: pattern: uid=xxx.++realm=XXXXXXXXXXXXXXXXXXXX
daemon: select: listen=7 active_threads=1 tvp=idle
=> string_expand: expanded: uid=xxx.++realm=XXXXXXXXXXXXXXXXXXXX
daemon: select: listen=8 active_threads=1 tvp=idle
daemon: select timeout - yielding
=> regex_matches: string:
daemon: select: listen=7 active_threads=1 tvp=idle
=> regex_matches: rc: 1 no matches
daemon: select: listen=8 active_threads=1 tvp=idle
<= check a_dn_pat: anonymous
daemon: select timeout - yielding
<= acl_mask: [3] applying auth(=x) (stop)
daemon: select: listen=7 active_threads=1 tvp=idle
<= acl_mask: [3] mask: auth(=x)
daemon: select: listen=8 active_threads=1 tvp=idle
=> access_allowed: auth access granted by auth(=x)
daemon: select timeout - yielding
daemon: select: listen=7 active_threads=1 tvp=idle
daemon: select: listen=8 active_threads=1 tvp=idle
daemon: select timeout - yielding
daemon: select: listen=7 active_threads=1 tvp=idle
daemon: select: listen=8 active_threads=1 tvp=idle
daemon: select timeout - yielding
daemon: select: listen=7 active_threads=1 tvp=idle
ksh: 6993 Segmentation Fault(coredump)
* client:
ldapsearch -x -D "cn=foo,ou=people,dc=xxx,dc=xxx,dc=xxx,dc=xx" -W "(uid=xxx)"
* core:
(gdb) where
#0 0xff17b0ac in profile_node_iterator ()
#1 0xff17d880 in profile_get_value ()
#2 0xff17dad4 in profile_get_integer ()
#3 0xff158b64 in init_common ()
#4 0xff158960 in krb5_init_context ()
#5 0xf5f24 in lutil_passwd_hash ()
#6 0xf5058 in lutil_passwd ()
#7 0x7f670 in slap_passwd_check ()
#8 0xd8084 in ldbm_back_bind ()
#9 0x6b8f4 in do_bind ()
#10 0x4284c in connection_done ()
#11 0xff338700 in ldap_int_thread_pool_wrapper ()
(gdb) list
warning: Source file is more recent than executable.
1 /* GSSAPI SASL plugin
2 * Leif Johansson
3 * Rob Siemborski (SASL v2 Conversion)
4 * $Id: gssapi.c,v 1.72 2003/03/31 22:07:32 rjs3 Exp $
5 */
* Kerberos:
kerberos/krb5-mit/unix/krb5-1.2.8.tar.gz
Compiled on Solaris 8, gcc 2.95.2
* cyrus-sasl-2.1.13.tar.gz
Compiled on Solaris 8, gcc 2.95.2
Configured with:
./configure --prefix=/usr/local/ldap \
--with-plugindir=/usr/local/ldap/lib/sasl \
--enable-gssapi \
--disable-plain \
--disable-anon \
--disable-krb4 \
--disable-digest \
--disable-scram \
--disable-cram
-------------------------------------------------------
--
Samuel Moñux Salvador
PGP Key pgp.rediris.es ----- KeyID 0x822583C2