slapd crashing on successful kerberos authentication
I read about this before and the person figured it was truncating his
password. Anyway, I followed his idea to force LDAP to use its own
password getting routines, in case that was the problem. It wasn't
though.
Currently I have OpenLDAP 2.0.9 installed, using directions provided by
Turbo Fredriksson's howto. I've tried various tests and I know that LDAP
and SASL are playing together. Kerberos also works on its own, although I
can't get kpasswd to work yet; it just times out trying to talk to the
server, even though kerberos is working, I think (kinit, kdestroy, etc. all
work, as does kerberized telnet).
Running slapd thusly:
slapd -d 10 -u ldap -h 'ldap:/// ldaps:///'
and ldapsearch:
ldapsearch -x -D 'uid=me,ou=people,dc=<my domain>' -W -b "" -s base -LLL -H ldaps:///
asks me for my password. If I enter the right kerberos password, no
matter what the length (well I've only tried passwords of 8 and 10
characters), slapd will seg fault. On 2.0.7 (stock rh7.1 install) it core
dumps. If I enter the wrong password, I get an appropriate error.
I know I have a proper principal for myself on kerberos because the
kerberized stuff works rather well. But any access via ldap to kerberos
blows up, it seems, using pam_ldap or just straight ldap commands.
A stack trace is:
__pthread_mutex_lock
__libc_free
krb5_free_creds
_avl_dup_error
_avl_dup_error
aci_set_gather
ldbm_back_bind
ch_free
slap_sig_wake
avl_dup_error
pthread_start_thread
pthread_start_thread_event
I note that this is a different trace than the 2.0.7 version of slapd.
That one reported the error as occurring in krb5_free_creds, being called
by chk_kerberos().
So somewhere bad data is being passed to krb5_free_creds by slapd. I'll
try recompiling tomorrow with full debug info and see if I can get the
debugger to show me where the problem is.
cheers,
Michael