[Date Prev][Date Next] [Chronological] [Thread] [Top]

sasl_bind ... Segmentation fault




Using the following software versions on a fully patched Solaris 8 (Sparc):

db-4.1.24
MIT Krb5 1.2.7
openLDAP 2.1.12
openSSL 0.9.6h
Cyrus SASL 2.1.12

Compiled openLDAP with the following configure:

env CPPFLAGS="-I/usr/local/db-4.1.24/include -I/usr/local/openssl/include
-I/usr/local/krb5/include -I/usr/local/sasl2/include
-I/afs/amath/projects/sysadmin/sun4x_58/tcp_wrappers_7.6-ipv6.1"
LDFLAGS="-L/usr/local/db-4.1.24/lib -R/usr/local/db-4.1.24/lib
-L/usr/local/krb5/lib -R/usr/local/krb5/lib -L/usr/local/openssl/lib
-R/usr/local/openssl/lib -L/usr/local/sasl2/lib -R/usr/local/sasl2/lib" ./configure --prefix=/usr/local/openldap-2.1.12 --enable-debug --enable-syslog --with-cyrus-sasl --with-kerberos --with-tls --enable-slapd --enable-crypt --enable-kpasswd --enable-spasswd --enable-wrappers --enable-bdb --enable-slurpd


The configure completes fine. So do make depend, make, make test, and make install. I have the SSL/TLS certs working fine and am able to do ldapsearchs with simple bind (-x) (with and without TLS). When I try to use GSSAPI slapd gives up with a segmentation fault. Last few lines from slapd -d -1:

	>>> dnPrettyNormal: <>
	<<< dnPrettyNormal: <>, <>
	do_sasl_bind: dn () mech GSSAPI
	conn=0 op=2 BIND dn="" method=163
	==> sasl_bind: dn="" mech=GSSAPI datalen=474
	Segmentation fault

Above was from using the following command:

  ldapsearch -H ldaps://<FQDN> -b "" -s base -LLL supportedSASLMechanisms

The slapd crash ony occurs if I have a ticket. If I issue a kdestroy prior to running the same command as above then I get:

ldap_start_tls: Operations error (1)
additional info: TLS already started
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (82)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)


Funny thing is that with a valid ticket after runing the ldapsearch command I then have a ldap ticket in my krb cache.

Is this a Solaris v openSSL crypt issue?  Are threads to blame?  Ideas?

--Matthew
__________________________________________________________________
                       Matthew W. Mauzy
                     Systems Administrator
                     Applied Math @ UNC-CH
email : mauzy@amath.unc.edu           pager : mpager@amath.unc.edu
(W) 919.962.9819   www.amath.unc.edu/~mauzy/   (P) 919.347.0390
__________________________________________________________________