Your message dated Wed, 12 Feb 2014 00:18:30 +0000 with message-id <[email protected]> and subject line Bug#651308: fixed in cyrus-sasl2 2.1.26.dfsg1-8 has caused the Debian Bug report #651308, regarding libsasl2-modules-gssapi-mit: buggy autoconf m4 script makes SASL's "keytab" option not work to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 651308: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651308 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libsasl2-modules-gssapi-mit Version: 2.1.24~rc1.dfsg1+cvs2011-05-23-4 Severity: important Dear Maintainer, // This issue still exists in latest 2.1.25. * What led up to the situation? I find slapd doesn't respect "keytab" option in /etc/ldap/sasl2/slapd.conf when it does SASL authentication, slapd always reads default keytab file "/etc/krb5.keytab" but slapd is running as user "openldap" and that file is readable only by root. The cause is libsasl2-modules-gssapi-mit's buggy autoconf m4 script, which disables the code snippet to read "keytab" option. $ grep gsskrb5_register_acceptor_identity /usr/include/ -nr /usr/include/gssapi/gssapi_krb5.h:164:#define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity /usr/include/mit-krb5/gssapi/gssapi_krb5.h:164:#define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity /usr/include/heimdal/gssapi/gssapi_krb5.h:84:GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gsskrb5_register_acceptor_identity $ grep gsskrb5_register_acceptor_identity -nr cyrus-sasl2/ cyrus-sasl2/configure:13336:for ac_func in gsskrb5_register_acceptor_identity cyrus-sasl2/cmulocal/sasl2.m4:271: AC_CHECK_FUNCS(gsskrb5_register_acceptor_identity) cyrus-sasl2/config.h.in:125:/* Define to 1 if you have the `gsskrb5_register_acceptor_identity' function. cyrus-sasl2/saslauthd/configure:9119:for ac_func in gsskrb5_register_acceptor_identity cyrus-sasl2/saslauthd/saslauthd.h.in:58:/* Define to 1 if you have the `gsskrb5_register_acceptor_identity' function. cyrus-sasl2/plugins/gssapi.c:1320: gsskrb5_register_acceptor_identity(keytab_path); MIT kerberos's header file includes macro "gsskrb5_register_acceptor_identity" and function "krb5_gss_register_acceptor_identity", but sasl2.m4 script expects function "gsskrb5_register_acceptor_identity", this works for Heimdal kerberos but not for MIT kerberos. * What exactly did you do (or not do) that was effective (or ineffective)? After I forced cyrus-sasl2/plugins/gssapi.c to use function "krb5_gss_register_acceptor_identity", this package successfully picked "keytab" option in /etc/ldap/sasl2/slapd.conf, command "ldapwhoami" authenticated succussfully. * What was the outcome of this action? * What outcome did you expect instead? I feel it's better to fix sasl.m4 rather than directly change plugins/gssapi.c to add more macros, maybe it's even better to just change /usr/include/mit-krb5/gssapi/gssapi_krb5.h to use this macro: #define krb5_gss_register_acceptor_identity gsskrb5_register_acceptor_identity but this way breaks ABI compatibility. cyrus-sasl2/doc/sysadmin.html also should be fixed, it claims: <p>Applications that wish to use a kerberos mechanism will need access to a service key, stored either in a "srvtab" file (Kerberos 4) or a "keytab" file (Kerberos 5). Currently, the keytab file location is not configurable and defaults to the system default (probably <tt>/etc/krb5.keytab</tt>). Regards, Yubao Liu -- System Information: Debian Release: wheezy/sid APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.0.0-1-686-pae (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libsasl2-modules-gssapi-mit depends on: ii libc6 2.13-21 ii libcomerr2 1.42~WIP-2011-10-16-1 ii libgssapi-krb5-2 1.9.1+dfsg-3 ii libk5crypto3 1.9.1+dfsg-3 ii libkrb5-3 1.9.1+dfsg-3 ii libsasl2-modules 2.1.24~rc1.dfsg1+cvs2011-05-23-4 ii libssl1.0.0 1.0.0e-3 libsasl2-modules-gssapi-mit recommends no packages. libsasl2-modules-gssapi-mit suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: cyrus-sasl2 Source-Version: 2.1.26.dfsg1-8 We believe that the bug you reported is fixed in the latest version of cyrus-sasl2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Roberto C. Sanchez <[email protected]> (supplier of updated cyrus-sasl2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 11 Feb 2014 18:58:43 -0500 Source: cyrus-sasl2 Binary: sasl2-bin cyrus-sasl2-doc libsasl2-2 libsasl2-modules libsasl2-modules-db libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql libsasl2-modules-gssapi-mit libsasl2-dev libsasl2-modules-gssapi-heimdal cyrus-sasl2-dbg cyrus-sasl2-mit-dbg cyrus-sasl2-heimdal-dbg Architecture: source amd64 all Version: 2.1.26.dfsg1-8 Distribution: unstable Urgency: low Maintainer: Debian Cyrus SASL Team <[email protected]> Changed-By: Roberto C. Sanchez <[email protected]> Description: cyrus-sasl2-dbg - Cyrus SASL - debugging symbols cyrus-sasl2-doc - Cyrus SASL - documentation cyrus-sasl2-heimdal-dbg - Cyrus SASL - debugging symbols for Heimdal modules cyrus-sasl2-mit-dbg - Cyrus SASL - debugging symbols for MIT modules libsasl2-2 - Cyrus SASL - authentication abstraction library libsasl2-dev - Cyrus SASL - development files for authentication abstraction lib libsasl2-modules - Cyrus SASL - pluggable authentication modules libsasl2-modules-db - Cyrus SASL - pluggable authentication modules (DB) libsasl2-modules-gssapi-heimdal - Pluggable Authentication Modules for SASL (GSSAPI) libsasl2-modules-gssapi-mit - Cyrus SASL - pluggable authentication modules (GSSAPI) libsasl2-modules-ldap - Cyrus SASL - pluggable authentication modules (LDAP) libsasl2-modules-otp - Cyrus SASL - pluggable authentication modules (OTP) libsasl2-modules-sql - Cyrus SASL - pluggable authentication modules (SQL) sasl2-bin - Cyrus SASL - administration programs for SASL users database Closes: 608351 631932 651308 661249 664729 719165 722569 724513 732373 732771 Changes: cyrus-sasl2 (2.1.26.dfsg1-8) unstable; urgency=low . * Fix buginess that results in the keytab configuration option not working on MIT Kerberos (Closes: #651308). * Remove obsolete deversion from cyrus-sasl2-heimdal-dbg (Closes: #664729) * Release server credentials when longer needed to prevent running out of file descriptors (Closes: #722569). * Incorporate new watch file. * Update to Standards-Version 3.9.5 (no changes). * Make saslauthd init script stop in run levels 0 and 6 (Closes: #608351). * Add logcheck snippet to suppress "DIGEST-MD5 common mech free" messages (Closes: #732771, #631932). * Make DEB_BUILD_OPTIONS no-ldap, no-gssapi, no-sql actually work, thanks to Daniel Schepler for the patch (Closes: #724513). * Rename libsasl2-3 back to libsasl2-2, ABI breakage has already been handle previously and SONAME bump is not necessary. * Include sys/types.h in sasl.h (Closes: #719165). * Fix transposition of realm and service in debug log (Closes: #732373). * Add Polish debconf translation, thanks to Michał Kułach (Closes: #661249). * Changes to make lintian happy: + Use canonical URIs for Vcs-Browser and Vcs-Git control fields. + Make -dbg packages "Multi-Arch: same" so they are co-installable + Re-format NEWS file to get rid of changelog-style formatting Checksums-Sha1: 1bb29dbbd68c29d0aa8718283ad384dfef11cc95 3172 cyrus-sasl2_2.1.26.dfsg1-8.dsc 55d87dd42464dbd90f1e1b51e56f5cfd4c745ada 90836 cyrus-sasl2_2.1.26.dfsg1-8.debian.tar.xz 9afff32b179367986358a6bcf44cf9e045666caf 164952 sasl2-bin_2.1.26.dfsg1-8_amd64.deb 79dec4d996ddd2ed2d142091f03e886efe528c5a 106678 cyrus-sasl2-doc_2.1.26.dfsg1-8_all.deb bd9ea46bd585e72de6cb9a5aab9014bf9fb57a7a 103346 libsasl2-2_2.1.26.dfsg1-8_amd64.deb b4a9a6e27fcd2e5f7d61332d6d50e6cfd642cb04 99454 libsasl2-modules_2.1.26.dfsg1-8_amd64.deb c86a4eca03c7af6ef01410c75d6cdade72177238 66302 libsasl2-modules-db_2.1.26.dfsg1-8_amd64.deb 974527c200a1e6aa91a0803f486f0e8a0b36be04 65248 libsasl2-modules-ldap_2.1.26.dfsg1-8_amd64.deb bd56d40ac78660439b070d3cff5046809b86546a 77848 libsasl2-modules-otp_2.1.26.dfsg1-8_amd64.deb 1d6df4e6c91e9c03142b325d36b0a1830c4cd754 67860 libsasl2-modules-sql_2.1.26.dfsg1-8_amd64.deb 2ead79cf081c8a1cd6d291cf71ab4feb41525f08 88602 libsasl2-modules-gssapi-mit_2.1.26.dfsg1-8_amd64.deb d99728c78775c46eb892076666b94c4968902c36 305560 libsasl2-dev_2.1.26.dfsg1-8_amd64.deb bc54d51d65bde798e58055733a268a908f7e1985 69946 libsasl2-modules-gssapi-heimdal_2.1.26.dfsg1-8_amd64.deb 304af6e63c0585dd163b48a793b3a657170537ba 833166 cyrus-sasl2-dbg_2.1.26.dfsg1-8_amd64.deb 91457d4dab2235b69170412c12c6999888e7dbc8 92536 cyrus-sasl2-mit-dbg_2.1.26.dfsg1-8_amd64.deb 7d7eb41277c971adb806a2b3c8e10cbe682d874d 93082 cyrus-sasl2-heimdal-dbg_2.1.26.dfsg1-8_amd64.deb Checksums-Sha256: dd311c6e01b8f6af96eb87b01b56a6dc4d1cb069cd7c464768d08be47e85c7e6 3172 cyrus-sasl2_2.1.26.dfsg1-8.dsc 8dcb1ecbd1443147276ba502acde5ba3719a0f1e3c071441e7ec66354f790149 90836 cyrus-sasl2_2.1.26.dfsg1-8.debian.tar.xz b4721eb024611f26b0407331df0ec111a92f41c6c62759cadafd7b4161f95937 164952 sasl2-bin_2.1.26.dfsg1-8_amd64.deb 7ea17a3f4c950fadb809f41bdcaf2cbaae3da21a7a34f2fa975a3ee0171a8fe1 106678 cyrus-sasl2-doc_2.1.26.dfsg1-8_all.deb 98710d9865a933b2f3629ff28d572849cc26969f1a9077832227b05918d70c73 103346 libsasl2-2_2.1.26.dfsg1-8_amd64.deb b1871e3c8bffa653c0a2dd9ab3a0ab3a67caffa7e826a35d75e4fe0ea2644bbe 99454 libsasl2-modules_2.1.26.dfsg1-8_amd64.deb 5306ec658eead74c49b2ad1db4a6c983bca270715962732a1ae4fc3be8400bd2 66302 libsasl2-modules-db_2.1.26.dfsg1-8_amd64.deb 3bb5f1cd9a6ce91ab9ca56e5b3fd63be6b7a4dc1e9ef3c7651dcb735c5ae6af6 65248 libsasl2-modules-ldap_2.1.26.dfsg1-8_amd64.deb 48af99edcfdbdc3d9aca74601facb213737d975cdfd2bf9a1588e153cd7b2dfc 77848 libsasl2-modules-otp_2.1.26.dfsg1-8_amd64.deb 1bc63729ba369e22fddbc9b26ee4d3c5be8ea5e79fe3be60b7b60d236d7835f5 67860 libsasl2-modules-sql_2.1.26.dfsg1-8_amd64.deb c8eb1531c90f8d254850dfdbe6d1a631da90cd4e78edeb77b86f39f414a779d1 88602 libsasl2-modules-gssapi-mit_2.1.26.dfsg1-8_amd64.deb 19ab17b630fb60ecd9dca9d1cc9a0dd8c3bf9cb3da8bb5047c5733a76e828d6a 305560 libsasl2-dev_2.1.26.dfsg1-8_amd64.deb 9358667b6cfbf3f16cb4c065f5e43c6079eedc7958a120e5b366dec6f28d017d 69946 libsasl2-modules-gssapi-heimdal_2.1.26.dfsg1-8_amd64.deb 42f154442ec8f2f7156463715a1eb79eb01c112b11c7b8951c9a80477cfc9f07 833166 cyrus-sasl2-dbg_2.1.26.dfsg1-8_amd64.deb 53bc7ed2d8265aa9cf2b96caff6db9fcd576e723feea8989858b422661d27dfe 92536 cyrus-sasl2-mit-dbg_2.1.26.dfsg1-8_amd64.deb a3729397c3f40bd8db8ef077b40127d8dff367246800de8a3381d98a06f572c3 93082 cyrus-sasl2-heimdal-dbg_2.1.26.dfsg1-8_amd64.deb Files: 4a47e956a619bcc3429766f8258bb962 3172 libs standard cyrus-sasl2_2.1.26.dfsg1-8.dsc 55e2f03053fbd93584129c368109ee61 90836 libs standard cyrus-sasl2_2.1.26.dfsg1-8.debian.tar.xz bb44e8361d251d0b2f44c81964ee16bb 164952 utils optional sasl2-bin_2.1.26.dfsg1-8_amd64.deb c2c74a1421b7cce76a0f51cf07cb7b86 106678 doc optional cyrus-sasl2-doc_2.1.26.dfsg1-8_all.deb a157f346fd222778a35c30e5adc74aed 103346 libs standard libsasl2-2_2.1.26.dfsg1-8_amd64.deb eb19102cf9007473e9483b4b1448dca6 99454 libs optional libsasl2-modules_2.1.26.dfsg1-8_amd64.deb 6884836d29e3d301daf8aed62d05da03 66302 libs standard libsasl2-modules-db_2.1.26.dfsg1-8_amd64.deb 9e7a1477fc6f7c0a87e98058323da560 65248 libs extra libsasl2-modules-ldap_2.1.26.dfsg1-8_amd64.deb 3960dd0c52e35066305dcb91d08592b3 77848 libs extra libsasl2-modules-otp_2.1.26.dfsg1-8_amd64.deb 79dcc89663d0c9510cdd71de2b438664 67860 libs extra libsasl2-modules-sql_2.1.26.dfsg1-8_amd64.deb b3a8be0f5f042003df80a4cc442dbdb8 88602 libs extra libsasl2-modules-gssapi-mit_2.1.26.dfsg1-8_amd64.deb 71b323d09fe77117d6f936531f077046 305560 libdevel optional libsasl2-dev_2.1.26.dfsg1-8_amd64.deb c2981aefe4672cc54110ff9c89392ad3 69946 libs extra libsasl2-modules-gssapi-heimdal_2.1.26.dfsg1-8_amd64.deb 8fe5f698c6f0df71b01e50ec4995a788 833166 debug extra cyrus-sasl2-dbg_2.1.26.dfsg1-8_amd64.deb 41e52c1d523c285cfd2d6b4a4ef8981d 92536 debug extra cyrus-sasl2-mit-dbg_2.1.26.dfsg1-8_amd64.deb 1df0ce6dbfdef91fa06b63b792e343f9 93082 debug extra cyrus-sasl2-heimdal-dbg_2.1.26.dfsg1-8_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJS+rqcAAoJECzXeF7dp7IPK4cP/Reu3W36C0GupABS7HqRJBkP jIog3rLljEHB1NhV+6b7IDzsGYT8iEFnDXO0yd20SzJYO3Lb2FFtkoBAIzei1xL4 gdr/7LyzhoeAOiMvOJUNaOwgy5qqx//0teMMsyHyO9jxPQkVSpc1ygxVl0gtkKfj sfEJzFtu5F6cWWiHEZ+uo1qI6tRWiTmnbvJrCYQXMbcb7JXlY/9CZcQLOXjjI6ih tWwCyICZKWoUe+4GW6mJmONwpKcoboxCtUEeR9/vo3AzZ9UWHMz6Az8ZIv6dt4+C hfCpystH1x+JZKVmY3SpjTxA6T85Bvve4CjdUDSjyY7jwBVbEH5MMDSVSE0aHxud ajhN4DDfSBC/bSf30+JV42elu5HkWvVGqlstshfIr/uFgENRbVYeKYkailhhVD/P sFb63pP4E6CFiTrTlp9XMScZWlxQjz3RHKbIw9cdO5w0n//w0oF2kpD0BL/mNYuS WZBQWXJSgNC4hQbK8cgPuVDbsBNlUck9U35Gn0Lnn4PVWNowMkX0OmOSoKl7qww2 fw0z7L0ZKg+JBo58y3pyB6uI3FtM2Iv+mb0ItPyrwpePLA+anAVf0s43r0WzxUL3 UEM1ECK7PQqOICD5APYeFAovQRB+tRWduYqF9j0JHh2ia/888reUSLfvmnAAlIXb zcF6We8wGGyG0zeaaoef =7M1/ -----END PGP SIGNATURE-----
--- End Message ---
