
GSSAPI on sparc64 (ITS#3054)



Full_Name: Alex Deiter
Version: 2.2.8
OS: FreeBSD
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (212.44.140.14)


GSSAPI authentication doesn't work on FreeBSD 5.2.1 sparc64:

# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: tiamat@KOMI.MTS.RU

  Issued           Expires          Principal
Apr  3 02:28:45  Apr  3 12:24:54  krbtgt/KOMI.MTS.RU@KOMI.MTS.RU

# ldapsearch -d 1 -LLL -Y GSSAPI
ldap_create
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=selma.komi.mts.ru
SASL/GSSAPI authentication started
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 585 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sat Apr  3 02:26:05 2004

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 124 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
sasl_client_step: 1
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 22 bytes to sd 3
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sat Apr  3 02:26:05 2004

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 2, all 1
ber_get_next
ber_get_next: tag 0x30 len 79 contents:
ldap_read: message type bind msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
sasl_client_step: 0
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_flush: 89 bytes to sd 3
ldap_result msgid 3
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 3
wait4msg continue, msgid 3, all 1
** Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sat Apr  3 02:26:05 2004

** Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 3, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 3, original id 3
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 3
request 3 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_sasl_bind_result
ber_scanf fmt ({iaa) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
SASL username: tiamat@KOMI.MTS.RU
SASL SSF: 56
SASL installing layers
ldap_pvt_sasl_install
ldap_search_ext
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 39 bytes to sd 3
ldap_free_request (origid 4, msgid 4)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_err2string
ldapsearch: ldap_search_ext: Can't contact LDAP server (-1)
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 3
ldap_free_connection: actually freed

slapd log:

Apr  3 02:27:21 selma slapd[83832]: do_bind
Apr  3 02:27:21 selma slapd[83832]: >>> dnPrettyNormal: <>
Apr  3 02:27:21 selma slapd[83832]: <<< dnPrettyNormal: <>, <>
Apr  3 02:27:21 selma slapd[83832]: do_sasl_bind: dn () mech GSSAPI
Apr  3 02:27:21 selma slapd[83832]: conn=12 op=0 BIND dn="" method=163
Apr  3 02:27:21 selma slapd[83832]: ==> sasl_bind: dn="" mech=GSSAPI datalen=553
....
Apr  3 02:27:21 selma slapd[83832]: send_ldap_sasl: err=14 len=110
Apr  3 02:27:21 selma slapd[83832]: send_ldap_response: msgid=1 tag=97 err=14
Apr  3 02:27:21 selma slapd[83832]: <== slap_sasl_bind: rc=14
....
Apr  3 02:27:21 selma slapd[83832]: do_bind
Apr  3 02:27:21 selma slapd[83832]: >>> dnPrettyNormal: <>
Apr  3 02:27:21 selma slapd[83832]: <<< dnPrettyNormal: <>, <>
Apr  3 02:27:21 selma slapd[83832]: do_sasl_bind: dn () mech GSSAPI
Apr  3 02:27:21 selma slapd[83832]: conn=12 op=1 BIND dn="" method=163
Apr  3 02:27:21 selma slapd[83832]: ==> sasl_bind: dn="" mech=<continuing> datalen=0
Apr  3 02:27:21 selma slapd[83832]: send_ldap_sasl: err=14 len=65
Apr  3 02:27:21 selma slapd[83832]: send_ldap_response: msgid=2 tag=97 err=14
Apr  3 02:27:21 selma slapd[83832]: <== slap_sasl_bind: rc=14
....
Apr  3 02:27:21 selma slapd[83832]: do_bind
Apr  3 02:27:21 selma slapd[83832]: >>> dnPrettyNormal: <>
Apr  3 02:27:21 selma slapd[83832]: <<< dnPrettyNormal: <>, <>
Apr  3 02:27:21 selma slapd[83832]: do_sasl_bind: dn () mech GSSAPI
Apr  3 02:27:21 selma slapd[83832]: conn=12 op=2 BIND dn="" method=163
Apr  3 02:27:21 selma slapd[83832]: >>> dnNormalize: <uid=tiamat,cn=GSSAPI,cn=auth>
Apr  3 02:27:21 selma slapd[83832]: daemon: activity on 1 descriptors
Apr  3 02:27:21 selma slapd[83832]: daemon: activity on:

But the cyrus-sasl-2.1.18/sample client/server work fine:

# ./server -p 777 -s ldap
trying 28, 1, 6
trying 2, 1, 6
accepted new connection
send: {57}
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
recv: {6}
GSSAPI
recv: {1}
Y
recv: {553}
send: {110}
`l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]D;[B2]?[B9]y}{hy.[89][AB][BA]V[F4][82][17]}`[AA][5][D6][85]c[DD]b[9F]Y[C][FA]q[19][92][E1][AB][C4][D4][1D][14]b[F7]f[F]o[C7][F1][C8][AA][12][8A][93]%[EB][97][AC]k[5]m[E1][CC][E3][BD][E][AE][96][D4][CF]h
recv: {0}

send: {65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][D6]-[C3][93]Q[F1][FC]8+[EA]|Y[F4][13][86][87][F]D[C5]{[BA][1C]x;[90]4[AB]}[8C][13][A][C][86]l[9D]{[1][0][0][0][4][4][4][4]
recv: {73}
`G[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][6][F3]^}F[8F][8D]o[FD]][17]K[92]pr[C5][FB]:[8A][B6]K@1[8B][DF][E0][E0]>l[C2][90][8C][DC][F7]#[FE][1][0][0][0]tiamat[6][6][6][6][6][6]
successful authentication 'tiamat'
closing connection

# ./client -p 777 -s ldap -m GSSAPI selma
receiving capability list... recv: {57}
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
NTLM LOGIN ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
please enter an authorization id: tiamat
send: {6}
GSSAPI
send: {1}
Y
send: {553}
recv: {110}
`l[6][9]*[86]H[86][F7][12][1][2][2][2][0]o]0[[A0][3][2][1][5][A1][3][2][1][F][A2]O0M[A0][3][2][1][10][A2]F[4]D;[B2]?[B9]y}{hy.[89][AB][BA]V[F4][82][17]}`[AA][5][D6][85]c[DD]b[9F]Y[C][FA]q[19][92][E1][AB][C4][D4][1D][14]b[F7]f[F]o[C7][F1][C8][AA][12][8A][93]%[EB][97][AC]k[5]m[E1][CC][E3][BD][E][AE][96][D4][CF]h
send: {0}

recv: {65}
`?[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][D6]-[C3][93]Q[F1][FC]8+[EA]|Y[F4][13][86][87][F]D[C5]{[BA][1C]x;[90]4[AB]}[8C][13][A][C][86]l[9D]{[1][0][0][0][4][4][4][4]
send: {73}
`G[6][9]*[86]H[86][F7][12][1][2][2][2][1][4][0][FF][FF][FF][FF][6][F3]^}F[8F][8D]o[FD]][17]K[92]pr[C5][FB]:[8A][B6]K@1[8B][DF][E0][E0]>l[C2][90][8C][DC][F7]#[FE][1][0][0][0]tiamat[6][6][6][6][6][6]
successful authentication
closing connection

Thanks a lot!