[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap client GSSAPI authentication segfaults in fbgsd8-stable i386



On 22/02/2010 07:27, Dieter Kluenter wrote:
George Mamalakis<mamalos@eng.auth.gr>  writes:

On 18/02/2010 19:50, Dieter Kluenter wrote:
George Mamalakis<mamalos@eng.auth.gr>   writes:
[...]
Dieter,

in my ldap server:

[root@ldap /]# ls -lrta /etc/krb5.keytab
-rw-r-----  1 root  ldap  - 446 Sep 28 19:21 /etc/krb5.keytab

but as I have already stated in my email, in one of my hosts
ldapwhoami and ldapsearch work fine, either by kiniting or not. Once I
kinit to user mamalos, three out of six clients work well (no
segfaults or corrupted stacks). This implies that heimdal combined
with slapd works fine.

As far as host principals is concerned, fbsd8stable i386 on my
laptop's virtual box does not have one, but it works ok once I kinit
to my user.

All tests have been performed as root, and when kiniting I use the
mamalos user-principal.
I must admit I have no clue, but did you test gssapi with other
kerberos clients like ssh or rsync?

-Dieter

Dieter,

I enabled gssapi authentication in one of those machines, and then connected to it from all my other clients; everything worked normally. There must be something with regard to openldap and freebsd, I am afraid. (if you see the outcome of the stack in my gdb excerpt, you realize that something very nasty must be going on).

Thanx again.

--
George Mamalakis

IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)

Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki

phone number : +30 (2310) 994379