[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: binding using password from kerberos v



What's in your /etc/krb5.conf and why does it keep trying to find the
nonexistent /usr/local/kerberos/etc/krb5.conf?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Steven Hodges
> Sent: Monday, January 28, 2002 3:17 PM
> To: openldap-software@OpenLDAP.org
> Subject: binding using password from kerberos v
>
>
> Hello...
>
> I'm having difficulty getting openldap to allow a user to bind by
> checking the userPassword against a kerberos V database.  When I
> try to bind in this way, I get a core dump. At this point, I just
> want to see if there are other people currently using this feature
> of openldap, so that I can try to figure out whether it is something
> I have misconfigured or some more general problem with the software.
> If anyone has run into this and solved the problem, I would be most
> grateful for suggestions...
>
> Here are some specifics of my configuration:
>
> openldap 2.0.18
> cyrus sasl 1.5.24
> openssl 0.9.6
> berkeley db 3.2.9
> kerberos V 1.2.2b
> running on Solaris 8
> compiled with Sun cc
>
> configured with the commands:
>
> >CFLAGS="-fast"
>
> >CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include
>    -I/usr/local/kerberos/include"
>
> >LDFLAGS="-s -L/usr/local/lib -R/usr/local/lib -L/usr/local/ssl/lib
>    -R/usr/local/ssl/lib -L/usr/local/kerberos/lib -R/usr/local/kerberos/lib"
>
> >./configure --prefix=/usr/local/ldap --enable-kpasswd --enable-spasswd
>     --enable-wrappers --enable-dynamic --enable-rlookups --enable-cache
>     --with-tls=openssl --with-kerberos=k5 --without-subdir
>
> Contents of the userPassword attribute for the user trying to bind
> is userPassword:
>    {KERBEROS}<myUsername>@<myRealm>
>
> Trussing the slapd process, the last things that happen before the
> core dump are:
>
> stat("/etc/krb5.conf", 0xFE981750)              = 0
> open("/etc/krb5.conf", O_RDONLY)                = 12
> access("/etc/krb5.conf", 2)                     = 0
> fstat64(12, 0xFE981588)                         = 0
> brk(0x001713C8)                                 = 0
> brk(0x001733C8)                                 = 0
> ioctl(12, TCGETA, 0xFE981514)                   Err#25 ENOTTY
> read(12, " [ l i b d e f a u l t s".., 8192)    = 449
> brk(0x001733C8)                                 = 0
> brk(0x001753C8)                                 = 0
> read(12, 0x00170BCC, 8192)                      = 0
> llseek(12, 0, SEEK_CUR)                         = 449
> close(12)                                       = 0
> stat("/usr/local/kerberos/etc/krb5.conf", 0xFE981750) Err#2 ENOENT
> getpid()                                        = 15575 [1]
> stat("/etc/krb5.conf", 0xFE9817A0)              = 0
> stat("/usr/local/kerberos/etc/krb5.conf", 0xFE9817A0) Err#2 ENOENT
> Incurred fault #6, FLTBOUNDS  %pc = 0xFF1610A0
> siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
>     Received signal #11, SIGSEGV [caught]
>       siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> sigprocmask(SIG_SETMASK, 0xFEC6F010, 0x00000000) = 0
> sigaction(SIGSEGV, 0xFE981338, 0x00000000)      = 0
> sigprocmask(SIG_SETMASK, 0xFEC7ADE0, 0x00000000) = 0
> setcontext(0xFE9814F0)
> Incurred fault #6, FLTBOUNDS  %pc = 0xFF1610A0
> siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> Received signal #11, SIGSEGV [default]
> siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
>         *** process killed ***
>
> If I left out relevant info, please ask...
>
> -steve hodges
>