IMAP authentication via LDAPS

Igor Brezac igor at ipass.net
Fri Oct 7 10:09:58 EDT 2005


Did you use --with-ipctype=doors to build cyrus-sasl?  Your saslauthd
binary depends on two different openssl packages, which may cause problems
(it looks like the mit krb libs use openssl 0.9.8 and the saslauthd/openldap
libs use 0.9.7).

I recommend you use ipctype 'unix', since the ldap module may not be thread
safe (this may be the case with your mit kerb libs as well), and resolve
the openssl conflict.

-Igor

On Fri, 7 Oct 2005, Saltmarsh, Evan M wrote:

> Igor,
>
> Here is the ldd information from saslauthd.  I'm using version
> 2.1.21,REV=2005.07.10.
>
> Thanks for the help.
>
> Evan
>
>        libgssapi_krb5.so.2 =>   /usr/local/lib/libgssapi_krb5.so.2
>        libkrb5.so.3 =>  /usr/local/lib/libkrb5.so.3
>        libk5crypto.so.3 =>      /usr/local/lib/libk5crypto.so.3
>        libcom_err.so.3 =>       /usr/local/lib/libcom_err.so.3
>        libresolv.so.2 =>        /lib/libresolv.so.2
>        libsocket.so.1 =>        /lib/libsocket.so.1
>        libnsl.so.1 =>   /lib/libnsl.so.1
>        libpam.so.1 =>   /lib/libpam.so.1
>        libldap.so.2 =>  /opt/csw/lib/sparcv8/libldap.so.2
>        liblber.so.2 =>  /opt/csw/lib/sparcv8/liblber.so.2
>        libcrypto.so.0.9.7 =>    /opt/csw/lib/sparcv8plus/libcrypto.so.0.9.7
>        libdoor.so.1 =>  /lib/libdoor.so.1
>        libpthread.so.1 =>       /lib/libpthread.so.1
>        libc.so.1 =>     /lib/libc.so.1
>        libkrb5support.so.0 =>   /usr/local/lib/libkrb5support.so.0
>        libgcc_s.so.1 =>         /usr/local/lib/libgcc_s.so.1
>        libdl.so.1 =>    /lib/libdl.so.1
>        libmp.so.2 =>    /lib/libmp.so.2
>        libcmd.so.1 =>   /lib/libcmd.so.1
>        libgen.so.1 =>   /lib/libgen.so.1
>        libnet.so =>     /opt/csw/lib/sparcv8/libnet.so
>        libsasl2.so.2 =>         /opt/csw/lib/sparcv8/libsasl2.so.2
>        libssl.so.0.9.8 =>       /usr/local/lib/libssl.so.0.9.8
>        libcrypto.so.0.9.8 =>    /usr/local/lib/libcrypto.so.0.9.8
>        libthread.so.1 =>        /lib/libthread.so.1
>        /usr/platform/SUNW,Sun-Fire-V490/lib/libc_psr.so.1
>
> Evan Saltmarsh
> UNIX Systems Administrator
> Information Technology Services
> Vanderbilt University
> Office:  (615) 322-2156
> Cell:  (615) 491-4115
>
> -----Original Message-----
> From: Igor Brezac [mailto:igor at ypass.net]
> Sent: Thursday, October 06, 2005 3:58 PM
> To: Saltmarsh, Evan M
> Cc: info-cyrus at lists.andrew.cmu.edu
> Subject: RE: IMAP authentication via LDAPS
>
> On Thu, 6 Oct 2005, Saltmarsh, Evan M wrote:
>
>> Well good news and bad.  I've determined that the saslauthd is crashing
>> when the call is made, but the truss is cryptic in nature.  Here is the
>> tail end, don't know if it's helpful or not.
>>
>> 26866/2:        getpid()                                        = 26866 [1]
>> 26866/2:        write(6, "8092010301\0 i\0\0\0  \0".., 148)     = 148
>> 26866/2:        read(6, "16030104 B02\0", 7)                    = 7
>> 26866/2:        time()                                          = 1128629768
>> 26866/2:        time()                                          = 1128629768
>> 26866/2:        getpid()                                        = 26866 [1]
>> 26866/2:        read(6, "\0 F0301\0\01812 d R v Y".., 1088)     = 1088
>> 26866/2:            Incurred fault #6, FLTBOUNDS  %pc = 0xFEB9F95C
>> 26866/2:              siginfo: SIGSEGV SEGV_MAPERR addr=0x00000008
>> 26866/2:            Received signal #11, SIGSEGV [default]
>> 26866/2:              siginfo: SIGSEGV SEGV_MAPERR addr=0x00000008
>
> What version of saslauthd do you use?  Please email 'ldd saslauthd'.
>
> -Igor
>
>>
>>
>> -----Original Message-----
>> From: Andrew Morgan [mailto:morgan at orst.edu]
>> Sent: Thursday, October 06, 2005 3:03 PM
>> To: Saltmarsh, Evan M
>> Cc: info-cyrus at lists.andrew.cmu.edu
>> Subject: Re: IMAP authentication via LDAPS
>>
>>
>> On Thu, 6 Oct 2005, Saltmarsh, Evan M wrote:
>>
>>> I'm having trouble getting LDAPS to work with cyrus.  We've been able to
>>> get LDAPS to work using stunnel to encrypt the path, but if we change
>>> the saslauthd.conf file to point to the LDAPS port, we get the following
>>> in our syslog, and it appears the connection to the LDAP server is never
>>> established.
>>>
>>> Oct  6 10:39:34 tst-srvr imaps[25773]: [ID 702911 auth.notice] door call to saslauthd server failed: Interrupted system call
>>>
>>> Oct  6 10:39:39 tst-srvr imaps[25773]: [ID 702911 auth.notice] door call to saslauthd server failed: Bad file number
>>>
>>> Anybody else have problems / suggestions on how to get LDAPS
>>> authentication to work?
>>
>> Try running strace (linux) or truss (solaris) on the saslauthd master
>> process and the cyrus master process.  You'll want to have strace/truss
>> follow forks.  The system calls near these error messages will probably
>> expose the problem.
>>
>> 	Andy
>>
>
>

-- 
Igor


