slapd crashing on successful kerberos authentication

[Michael L Torrie <torriem@cs.byu.edu>]

I read about this before and the person figured it was truncating his
password.  Anyway, I followed his idea to force LDAP to use it's own
password getting routines, in case that was the problem.  It wasn't
though.

Currently I have OpenLDAP 2.0.9 installed, using directions provided by
Turbo Fredriksson's howto.  I've tried various tests and I know that LDAP
and SASL are playing together.  Kerberos also works on its own, although I
can't get kpasswd to work yet; it just times out trying to talk to the
server, even though kerberos is working, I think (kinit, kdestroy, etc all
work, as does kerberized telnet).

Running slapd thusly:
slapd -d 10 -u ldap -h 'ldap:/// ldaps:///'

and ldapsearch:
ldapsearch -x -D 'uid=me,ou=people,dc=<my domain>' -W -b "" -s base -LLL -H ldaps:///

asks me for my password.  If I enter the right kerberos password, no
matter what the length (well I've only tried passwords of 8 and 10
characters), slapd will seg fault.  On 2.0.7 (stock rh7.1 install) it core
dumps.  If I enter the wrong password, I get an appropriate error.

I know I have a proper principle for myself on kerberos because the
kerberized stuff works rather well.  But any access via ldap to kerberos
blows up, it seems, using pam_ldap or just straight ldap commands.

A stack trace is:
__pthread_mutex_lock
__libc_free
krb5_free_creds
_avl_dup_error
_avl_dup_error
aci_set_gather
ldbm_back_bind
ch_free
slap_sig_wake
avl_dup_error
pthread_start_thread
pthread_start_thread_event

I note that this is a different trace than the 2.0.7 version of slapd.
That one reported the error as occurring in krb5_free_creds, being called
by chk_kerberos().

So somewhere bad data is being passed to krb5_free_creds by slapd.  I'll
try recompiling tomorrow with full debug info and see if I can get the
debugger to show me where the problem is.

cheers,
Michael