On 23/02/2010 14:18, Alexander Nedotsukov wrote:
The patch in question was committed a few month ago. I can only add that on my
8-STABLE machine the combination of cyrus/gssapi/openldap works fine.
You have to check if output of ldd /usr/lib/libgssapi_krb5.so produce output
like this:
/usr/lib/libgssapi_krb5.so:
libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x281ac000)
libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x28300000)
libhx509.so.10 => /usr/lib/libhx509.so.10 (0x281b5000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x2835b000)
libroken.so.10 => /usr/lib/libroken.so.10 (0x281e9000)
libasn1.so.10 => /usr/lib/libasn1.so.10 (0x284ae000)
libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x281f8000)
libcrypt.so.5 => /lib/libcrypt.so.5 (0x28527000)
libc.so.7 => /lib/libc.so.7 (0x2808e000)
On 23.02.2010, at 2:06, George Mamalakis wrote:
On 07/10/2009 07:38, John Marshall wrote:
access with gssapi auth from a client succeeded.
Perhaps George Mamalakis could test the _spnego case?
Guys,
I am terribly sorry to tell you that I just now saw this conversation(!?!! 4
months later !!!). This is due to the fact that at that time I was mainly
tracking the fbsd-stable list (my first email started in fbsd-stable list), and
since I use filters in thunderbird, I never got to see your emails in my
inbox...truly sorry once more!!!
I don't know if Alexander's patch is still valid but from what I realize -since I have
built many systems based on fbsd-stable (with latest sources) and I had to
"hack" krb5-config in order to achieve correct behavior of
cyrus/gssapi/spnego/openldap- it hasn't yet been commited to fbsd8-stable sources. If
so, I will apply it on my machines and rerun my applications.
Sorry again for the delay!
--
George Mamalakis
IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
Alexander,
using sources of 19/02/2010, I recompiled cyrus with the original
/usr/bin/krb5-config, and ldapwhoami worked fine. The output of ldd
/usr/lib/libgssapi_krb5.so is the one to be expected, so things must be ok.
The only problem I still have, and which has to do with
freebsd/heimdal/openldap/cyrus bundle, is that openldap-sasl-client
(i386) segfaults when using ldapwhoami if run without having obtained a
ticket first.
I have sent an email to fbsd-stable list with subject: "openldap client
GSSAPI authentication segfaults in fbsd8stable i386" regarding this
issue, where I list all my tests on all different machines, and a stack
trace of the system where ldapwhoami segfaults. I have received no
answer for this topic yet, but I think that if some of you reads it, he
may find an answer. At the time of this writing, on fbsd8stable systems
(i386) with heimdal/openldap-sasl-client/cyrus-sasl, ldapwhoami and
ldapsearch segfault when called without a ticket.
Thank you for your answer, and I am looking forward to see some feedback
on this issue.
Best regards,
George Mamalakis
--
George Mamalakis
IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)
Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki
phone number : +30 (2310) 994379
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
