RE: IMAP authentication via LDAPS

Fri, 07 Oct 2005 07:23:39 -0700
Did you use --with-ipctype=doors to build cyrus-sasl? Your saslauthd binary depends on two different openssl packages which may cause problems. (it looks like mit krb libs use openssl 0.9.8 and saslauthd/openldap libs use 0.9.7). 


I recommend you use ipctype 'unix' since the ldap module may not be thread 
safe (this may be the case with your mit kerb libs as well) and resolve 
openssl conflict.


-Igor

On Fri, 7 Oct 2005, Saltmarsh, Evan M wrote:


Igor,

Here is the ldd information from saslauthd.  I'm using version
2.1.21,REV=2005.07.10.

Thanks for the help.

Evan

       libgssapi_krb5.so.2 =>   /usr/local/lib/libgssapi_krb5.so.2
       libkrb5.so.3 =>  /usr/local/lib/libkrb5.so.3
       libk5crypto.so.3 =>      /usr/local/lib/libk5crypto.so.3
       libcom_err.so.3 =>       /usr/local/lib/libcom_err.so.3
       libresolv.so.2 =>        /lib/libresolv.so.2
       libsocket.so.1 =>        /lib/libsocket.so.1
       libnsl.so.1 =>   /lib/libnsl.so.1
       libpam.so.1 =>   /lib/libpam.so.1
       libldap.so.2 =>  /opt/csw/lib/sparcv8/libldap.so.2
       liblber.so.2 =>  /opt/csw/lib/sparcv8/liblber.so.2
       libcrypto.so.0.9.7 =>
/opt/csw/lib/sparcv8plus/libcrypto.so.0.9.7
       libdoor.so.1 =>  /lib/libdoor.so.1
       libpthread.so.1 =>       /lib/libpthread.so.1
       libc.so.1 =>     /lib/libc.so.1
       libkrb5support.so.0 =>   /usr/local/lib/libkrb5support.so.0
       libgcc_s.so.1 =>         /usr/local/lib/libgcc_s.so.1
       libdl.so.1 =>    /lib/libdl.so.1
       libmp.so.2 =>    /lib/libmp.so.2
       libcmd.so.1 =>   /lib/libcmd.so.1
       libgen.so.1 =>   /lib/libgen.so.1
       libnet.so =>     /opt/csw/lib/sparcv8/libnet.so
       libsasl2.so.2 =>         /opt/csw/lib/sparcv8/libsasl2.so.2
       libssl.so.0.9.8 =>       /usr/local/lib/libssl.so.0.9.8
       libcrypto.so.0.9.8 =>    /usr/local/lib/libcrypto.so.0.9.8
       libthread.so.1 =>        /lib/libthread.so.1
       /usr/platform/SUNW,Sun-Fire-V490/lib/libc_psr.so.1

Evan Saltmarsh
UNIX Systems Administrator
Information Technology Services
Vanderbilt University
Office:  (615) 322-2156
Cell:  (615) 491-4115

-----Original Message-----
From: Igor Brezac [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 06, 2005 3:58 PM
To: Saltmarsh, Evan M
Cc: info-cyrus@lists.andrew.cmu.edu
Subject: RE: IMAP authentication via LDAPS

On Thu, 6 Oct 2005, Saltmarsh, Evan M wrote:


Well good news and bad.  I've determined that the saslauthd is

crashing

when the call is made, but the truss is cryptic in nature.  Here is

the

tail end, don't know if it's helpful or not.

26866/2:        getpid()                                        =

26866

[1]
26866/2:        write(6, "8092010301\0 i\0\0\0  \0".., 148)     = 148
26866/2:        read(6, "16030104 B02\0", 7)                    = 7
26866/2:        time()                                          =
1128629768
26866/2:        time()                                          =
1128629768
26866/2:        getpid()                                        =

26866

[1]
26866/2:        read(6, "\0 F0301\0\01812 d R v Y".., 1088)     = 1088
26866/2:            Incurred fault #6, FLTBOUNDS  %pc = 0xFEB9F95C
26866/2:              siginfo: SIGSEGV SEGV_MAPERR addr=0x00000008
26866/2:            Received signal #11, SIGSEGV [default]
26866/2:              siginfo: SIGSEGV SEGV_MAPERR addr=0x00000008


What version of saslauthd do you use?  Please email 'ldd saslauthd'.

-Igor



Evan Saltmarsh
UNIX Systems Administrator
Information Technology Services
Vanderbilt University
Office:  (615) 322-2156
Cell:  (615) 491-4115

-----Original Message-----
From: Andrew Morgan [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 06, 2005 3:03 PM
To: Saltmarsh, Evan M
Cc: info-cyrus@lists.andrew.cmu.edu
Subject: Re: IMAP authentication via LDAPS


On Thu, 6 Oct 2005, Saltmarsh, Evan M wrote:


I'm having trouble getting LDAPS to work with cyrus.  We've been able

to

get LDAPS to work using stunnel to encrypt the path, but if we change
the saslauthd.conf file to point to the LDAPS port, we get the

following

in our syslog, and it appears the connection to the LDAP server is

never

established.



Oct  6 10:39:34 tst-srvr imaps[25773]: [ID 702911 auth.notice] door

call

to saslauthd server failed: Interrupted system call

Oct  6 10:39:39 tst-srvr imaps[25773]: [ID 702911 auth.notice] door

call

to saslauthd server failed: Bad file number



Anybody else have problems / suggestions on how to get LDAPS
authentication to work?


Try running strace (linux) or truss (solaris) on the saslauthd master
process and the cyrus master process.  You'll want to have

strace/truss

follow forks.  The system calls near these error message will probably
expose the problem.

        Andy
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html






--
Igor
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html














    











					Reply via email to