[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: binding using password from kerberos v
Howard...
I don't know why it is looking for that nonexistent file. But it turns
out that making a symlink in /usr/local/kerberos/etc/krb5.conf back to
/etc/krb5.conf seems to make it work. Seems ok for now, but it smells a
little fishy; maybe it's worth looking into more at some point....
-steve
Howard Chu wrote:
>
> What's in your /etc/krb5.conf and why does it keep trying to find the
> nonexistent /usr/local/kerberos/etc/krb5.conf?
>
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support
>
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Steven Hodges
> > Sent: Monday, January 28, 2002 3:17 PM
> > To: openldap-software@OpenLDAP.org
> > Subject: binding using password from kerberos v
> >
> >
> > Hello...
> >
> > I'm having difficulty getting openldap to allow a user to bind by
> > checking the userPassword against a kerberos V database. When I
> > try to bind in this way, I get a core dump. At this point, I just
> > want to see if there are other people currently using this feature
> > of openldap, so that I can try to figure out whether it is something
> > I have misconfigured or some more general problem with the software.
> > If anyone has run into this and solved the problem, I would be most
> > grateful for suggestions...
> >
> > Here are some specifics of my configuration:
> >
> > openldap 2.0.18
> > cyrus sasl 1.5.24
> > openssl 0.9.6
> > berkeley db 3.2.9
> > kerberos V 1.2.2b
> > running on Solaris 8
> > compiled with Sun cc
> >
> > configured with the commands:
> >
> > >CFLAGS="-fast"
> >
> > >CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include
> > -I/usr/local/kerberos/include"
> >
> > >LDFLAGS="-s -L/usr/local/lib -R/usr/local/lib -L/usr/local/ssl/lib
> > -R/usr/local/ssl/lib -L/usr/local/kerberos/lib -R/usr/local/kerberos/lib"
> >
> > >./configure --prefix=/usr/local/ldap --enable-kpasswd --enable-spasswd
> > --enable-wrappers --enable-dynamic --enable-rlookups --enable-cache
> > --with-tls=openssl --with-kerberos=k5 --without-subdir
> >
> > Contents of the userPassword attribute for the user trying to bind
> > is userPassword:
> > {KERBEROS}<myUsername>@<myRealm>
> >
> > Trussing the slapd process, the last things that happen before the
> > core dump are:
> >
> > stat("/etc/krb5.conf", 0xFE981750) = 0
> > open("/etc/krb5.conf", O_RDONLY) = 12
> > access("/etc/krb5.conf", 2) = 0
> > fstat64(12, 0xFE981588) = 0
> > brk(0x001713C8) = 0
> > brk(0x001733C8) = 0
> > ioctl(12, TCGETA, 0xFE981514) Err#25 ENOTTY
> > read(12, " [ l i b d e f a u l t s".., 8192) = 449
> > brk(0x001733C8) = 0
> > brk(0x001753C8) = 0
> > read(12, 0x00170BCC, 8192) = 0
> > llseek(12, 0, SEEK_CUR) = 449
> > close(12) = 0
> > stat("/usr/local/kerberos/etc/krb5.conf", 0xFE981750) Err#2 ENOENT
> > getpid() = 15575 [1]
> > stat("/etc/krb5.conf", 0xFE9817A0) = 0
> > stat("/usr/local/kerberos/etc/krb5.conf", 0xFE9817A0) Err#2 ENOENT
> > Incurred fault #6, FLTBOUNDS %pc = 0xFF1610A0
> > siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> > Received signal #11, SIGSEGV [caught]
> > siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> > sigprocmask(SIG_SETMASK, 0xFEC6F010, 0x00000000) = 0
> > sigaction(SIGSEGV, 0xFE981338, 0x00000000) = 0
> > sigprocmask(SIG_SETMASK, 0xFEC7ADE0, 0x00000000) = 0
> > setcontext(0xFE9814F0)
> > Incurred fault #6, FLTBOUNDS %pc = 0xFF1610A0
> > siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> > Received signal #11, SIGSEGV [default]
> > siginfo: SIGSEGV SEGV_MAPERR addr=0x00000014
> > *** process killed ***
> >
> > If I left out relevant info, please ask...
> >
> > -steve hodges
> >