Bug#629589: segfault gone, but problems remain
Richard A Nelson
cowboy at debian.org
Sat Jun 11 22:46:24 UTC 2011
On Sat, 11 Jun 2011, Dan White wrote:
> Do you have libsasl2-modules-gssapi-mit or libsasl2-modules-gssapi-heimdal
> installed, and what version?
ii libsasl2-modules-gssapi-heimdal 2.1.24~rc1.dfsg1+cvs2011-05-23-4
> Is your slapd running on a separate host?
No, 'tis using ldapi://
>If so, is it using the same version of libsasl2-modules-gssapi-*?
I have not upgraded my master servers until this is cleared, but the
laptop (sacraficial testsite) has its own copy of ldap/kdc/etc.
> Do you see anything useful in your /var/log/auth.log on the server or
> client?
Yes, interestingly, this shows up for both failure modes:
Jun 11 15:37:02 sparks-ave ldapwhoami: canonuserfunc error -7
Jun 11 15:37:02 sparks-ave ldapwhoami: _sasl_plugin_load failed on
sasl_canonuser_init for plugin: ldapdb
This one for the succes case:
Jun 11 15:37:02 sparks-ave ldapwhoami: DIGEST-MD5 common mech free
> What kerberos server are you using,
ii heimdal-kdc 1.4.0-6
> and do you see anything in it's syslog output?
No, just the expected:
AS-REQ host/<...> from IPv4:127.0.0.1 for krbtgt/<...>
> Would you mind sharing an anonymized copy of your /etc/ldap.conf and
> ~/.ldaprc?
Not at all :)
/etc/ldap/ldap.conf:
BASE dc=<...>
URI ldapi:///
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_CACERTDIR /etc/ssl/certs
TLS_CRLCHECK none
TLS_REQCERT allow
~/.ldaprc:
SASL_MECH gssapi
--
Rick Nelson
Connection reset by some moron with a backhoeb
More information about the Pkg-cyrus-sasl2-debian-devel
mailing list