On 23/02/2010 14:18, Alexander Nedotsukov wrote: > The patch in question was committed a few month ago. I can only add that on my 8-STABLE machine the combination of cyrus/gssapi/openldap works fine. > You have to check if output of ldd /usr/lib/libgssapi_krb5.so produce output like this: > > /usr/lib/libgssapi_krb5.so: > libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x281ac000) > libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x28300000) > libhx509.so.10 => /usr/lib/libhx509.so.10 (0x281b5000) > libcrypto.so.6 => /lib/libcrypto.so.6 (0x2835b000) > libroken.so.10 => /usr/lib/libroken.so.10 (0x281e9000) > libasn1.so.10 => /usr/lib/libasn1.so.10 (0x284ae000) > libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x281f8000) > libcrypt.so.5 => /lib/libcrypt.so.5 (0x28527000) > libc.so.7 => /lib/libc.so.7 (0x2808e000) > > > On 23.02.2010, at 2:06, George Mamalakis wrote: > > >> On 07/10/2009 07:38, John Marshall wrote: >> >>> access with gssapi auth from a client succeeded. >>> >>> Perhaps George Mamalakis could test the _spnego case? >>> >> Guys, >> >> I am terribly sorry to tell you that I just now saw this conversation(!?!! 4 months later !!!). This is due to the fact that at that time I was mainly tracking the fbsd-stable list (my first email started in fbsd-stable list), and since I use filters in thunderbird, I never got to see your emails in my inbox...truly sorry once more!!! >> >> I don't know if Alexander's patch is still valid but from what I realize -since I have built many systems based on fbsd-stable (with latest sources) and I had to "hack" krb5-config in order to achieve correct behavior of cyrus/gssapi/spnego/openldap- it hasn't yet been commited to fbsd8-stable sources. If so, I will apply it on my machines and rerun my applications. >> >> Sorry again for the delay! >> >> -- >> George Mamalakis >> >> IT Officer >> Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), >> MSc (Imperial College of London) >> >> Department of Electrical and Computer Engineering >> Faculty of Engineering >> Aristotle University of Thessaloniki >> >> phone number : +30 (2310) 994379 >> > Alexander, using sources of 19/02/2010, I recompiled cyrus with the original /usr/bin/krb5-config, and ldapwhoami worked fine. The output of ldd /usr/lib/libgssapi_krb5.so is the one to be expected, so things must be ok. The only problem I still have, and which has to do with freebsd/heimdal/openldap/cyrus bundle, is that openldap-sasl-client (i386) segfaults when using ldapwhoami if run without having obtained a ticket first. I have sent an email to fbsd-stable list with subject: "openldap client GSSAPI authentication segfaults in fbsd8stable i386" regarding this issue, where I list all my tests on all different machines, and a stack trace of the system where ldapwhoami segfaults. I have received no answer for this topic yet, but I think that if some of you reads it, he may find an answer. At the time of this writing, on fbsd8stable systems (i386) with heimdal/openldap-sasl-client/cyrus-sasl, ldapwhoami and ldapsearch segfault when called without a ticket. Thank you for your answer, and I am looking forward to see some feedback on this issue. Best regards, George Mamalakis -- George Mamalakis IT Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379Received on Thu Feb 25 2010 - 10:43:04 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:01 UTC