Re: freeradius crashes while using PAM
Christophe Dupre <[EMAIL PROTECTED]> wrote: > If there are memory leaks, they must not be that big because I've never > noticed any pam-using executable getting that big. Most PAM programs don't stay around for too long, and most don't do thousands to millions of PAM requests. On many platforms, the PAM libraries themselves have massive memory leaks. If the program using them makes only 2-3 PAM calls, it's not a problem. For FreeRADIUS, it's a serious problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius crashes while using PAM
The other reason is that I wasn't able to get freeradius to compile against Sun's LDAP libraries. I *think* freeradius expects openldap-specific implementation details. Chris Parker wrote: At 03:16 PM 9/9/2003, Christophe Dupre wrote: Searching the archives, I saw a mail about a similar problem back in June, but no follow-up... So, here's my problem. I'm running freeradius 0.9.1 (upgraded this morning) on a Solaris 9 machine. Authentication local users works great using rlm_unix, but now we'd like to use LDAP auth through PAM. Why not use LDAP directly? PAM has many issues, including known memory leaks ( in PAM, not FR ). -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius crashes while using PAM
That's my last resort option - I really like the idea of pam - configure it once, then if/when authentication source changes, only one place needs to be updated. If there are memory leaks, they must not be that big because I've never noticed any pam-using executable getting that big. Chris Parker wrote: At 03:16 PM 9/9/2003, Christophe Dupre wrote: Searching the archives, I saw a mail about a similar problem back in June, but no follow-up... So, here's my problem. I'm running freeradius 0.9.1 (upgraded this morning) on a Solaris 9 machine. Authentication local users works great using rlm_unix, but now we'd like to use LDAP auth through PAM. Why not use LDAP directly? PAM has many issues, including known memory leaks ( in PAM, not FR ). -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius crashes while using PAM
At 03:16 PM 9/9/2003, Christophe Dupre wrote: Searching the archives, I saw a mail about a similar problem back in June, but no follow-up... So, here's my problem. I'm running freeradius 0.9.1 (upgraded this morning) on a Solaris 9 machine. Authentication local users works great using rlm_unix, but now we'd like to use LDAP auth through PAM. Why not use LDAP directly? PAM has many issues, including known memory leaks ( in PAM, not FR ). -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius crashes while using PAM
Searching the archives, I saw a mail about a similar problem back in June, but no follow-up... So, here's my problem. I'm running freeradius 0.9.1 (upgraded this morning) on a Solaris 9 machine. Authentication local users works great using rlm_unix, but now we'd like to use LDAP auth through PAM. We have it configured on the system and it works great for all the other pam-enabled applications (sshd, login, sudo, etc), but radiusd crashes when provided bad credential. However, it works if provided good credentials. This is when testing with radtest: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32843, id=122, length=58 User-Name = "duprec" User-Password = "foo" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type PAM auth: type "PAM" modcall: entering group authenticate pam_pass: using pamauth string for pam.conf lookup Segmentation Fault (core dumped) The debugger gives this traceback: =>[1] PAM_conv(num_msg = 1, msg = 0xffbf9964, resp = 0xffbfd9d0, appdata_ptr = (nil)), line 144 in "rlm_pam.c" [2] __get_authtok(0xfef70778, 0x1, 0xffbf99c8, 0x0, 0xffbfd9d0, 0xfec29574), at 0xfec14ec4 [3] pam_sm_authenticate(0x0, 0xfec167c8, 0x2, 0x11c630, 0xfec1240c, 0xfef52ddc), at 0xfec12670 [4] run_stack(0x0, 0xfef67024, 0x9, 0x0, 0x1, 0xfef67100), at 0xfef52dfc [5] pam_authenticate(0x11d2e8, 0x0, 0xffbfdb08, 0xffbfdb04, 0x2, 0x28), at 0xfef53104 [6] pam_pass(name = 0x11bd04 "duprec", passwd = 0x11be54 "foo", pamauth = 0xbf538 "radiusd"), line 203 in "rlm_pam.c" [7] pam_auth(instance = 0xbf538, request = 0x11bbe8), line 273 in "rlm_pam.c" [8] 0x1d328(0xfef80fd4, 0xc1ac0, 0x11bbe8, 0x0, 0x1d540, 0x1d564), at 0x1d327 [9] modcall(0x0, 0xc1ac0, 0x11bbe8, 0xffbfbce0, 0x0, 0x0), at 0x1d41c [10] 0x1d36c(0x0, 0xc1ac0, 0x11bbe8, 0x0, 0x1d540, 0x1d564), at 0x1d36b [11] modcall(0x0, 0xc2608, 0x11bbe8, 0x3, 0x1d3e8, 0x1198f8), at 0x1d49c [12] rad_check_password(0x11bbe8, 0x418, 0x11bbe8, 0x0, 0x1, 0x0), at 0x19e04 [13] rad_authenticate(0x37400, 0x22069, 0x6, 0x5, 0x6e, 0x62), at 0x1a140 [14] rad_respond(0x11bbe8, 0x1a030, 0x804b, 0x11bac0, 0x11bc80, 0xbe2094c4), at 0x1502c [15] rad_process(0x11bbe8, 0x0, 0x20, 0xfff8, 0x37400, 0x36800), at 0x14ab0 [16] main(0xffbfebbc, 0x0, 0x37400, 0xffbfebbc, 0xeff0, 0xc17f0), at 0x143a0 Has anyone seen this ? Any help would be appreciated. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html