SASL + IMAP + GSSAPI failure (other gssapi stuff works)
Jeff Blaine
jblaine at kickflop.net
Wed Feb 7 15:42:56 EST 2007
Ken Hornstein wrote:
>> Doesn't work as native jblaine with kerberos creds either:
>> [...]
>
> Hrm.
>
> Okay, I have some stupid questions now.
>
> - Do you have a KRB5CCNAME environment variable set?
No
> - What OS is this?
Solaris 9 SPARC
> - What version of Kerberos are you using?
MIT 1.5.1
> A system call trace on imtest might be useful; you could see what credential
> cache it is trying to open (assuming that is the real error and the problem
> isn't being masked by something else).
The right one:
25789: open("/tmp/krb5cc_26560_VKaqJX", O_RDONLY) = 5
25789: open("/tmp/krb5cc_26560_VKaqJX", O_RDONLY) = 5
25789: open("/tmp/krb5cc_26560_VKaqJX", O_RDONLY) = 5
Here's where things go wrong I suppose. I can't make any sense
of it.
25851: open("/export/k5/etc/krb5.conf", O_RDONLY) = 5
25851: access("/export/k5/etc/krb5.conf", 2) Err#13 EACCES
25851: ioctl(5, TCGETA, 0xFFBFD244) Err#25 ENOTTY
25851: read(5, " [ l i b d e f a u l t s".., 8192) = 429
25851: read(5, 0x000FF1D4, 8192) = 0
25851: llseek(5, 0, SEEK_CUR) = 429
25851: open("/dev/urandom", O_RDONLY) = 5
25851: read(5, "D7 g V [D7C7F1F0E5 b =F5".., 20) = 20
25851: getpid() = 25851 [25850]
25851: getpid() = 25851 [25850]
25851: open("/proc/25851/psinfo", O_RDONLY) = 5
25851: read(5, "\b\0C4C8\0\0\001\0\0 dFB".., 336) = 336
25851: open("/dev/conslog", O_WRONLY) = 5
25851: open("/usr/share/lib/zoneinfo/US/Eastern", O_RDONLY) = 6
25851: read(6, " T Z i f\0\0\0\0\0\0\0\0".., 1267) = 1267
25851: getpid() = 25851 [25850]
25851: putmsg(5, 0xFFBFD208, 0xFFBFD1FC, 0) = 0
25851: open("/var/run/syslog_door", O_RDONLY) = 6
25851: getpid() = 25851 [25850]
25851: write(1, " A u t h e n t i c a t i".., 39) = 39
25851: write(1, " S e c u r i t y s t r".., 28) = 28
25851: getrlimit(RLIMIT_NOFILE, 0xFFBFE538) = 0
25851: sigaction(SIGINT, 0xFFBFE480, 0xFFBFE500) = 0
25851: poll(0xFFBFDD30, 3, -1) = 2
25851: alarm(0) = 0
25851: setitimer(ITIMER_REAL, 0xFFBFE530, 0xFFBFE520) = 0
25851: sigaction(SIGALRM, 0xFFBFE430, 0xFFBFE4E0) = 0
25851: sigfillset(0xFF0C2A40) = 0
25851: sigprocmask(SIG_BLOCK, 0xFFBFE4D0, 0xFFBFE4C0) = 0
25851: setitimer(ITIMER_REAL, 0xFFBFE530, 0x00000000) = 0
25851: Received signal #14, SIGALRM, in sigsuspend() [caught]
25851: sigsuspend(0xFFBFE4B0) Err#4 EINTR
25851: setcontext(0xFFBFE198)
25851: sigaction(SIGALRM, 0xFFBFE430, 0x00000000) = 0
25851: sigprocmask(SIG_UNBLOCK, 0xFFBFE4D0, 0x00000000) = 0
25851: setitimer(ITIMER_REAL, 0xFFBFE520, 0x00000000) = 0
25851: poll(0xFFBFDD30, 3, -1) = 2
25851: alarm(0) = 0
25851: setitimer(ITIMER_REAL, 0xFFBFE530, 0xFFBFE520) = 0
25851: sigaction(SIGALRM, 0xFFBFE430, 0xFFBFE4E0) = 0
25851: sigprocmask(SIG_BLOCK, 0xFFBFE4D0, 0xFFBFE4C0) = 0
25851: setitimer(ITIMER_REAL, 0xFFBFE530, 0x00000000) = 0
...bunch more of this fun spew...
...then I hit Ctrl-C...
FWIW (likely nothing):
k5 # ls -ld /etc/krb5.conf /etc/krb5/krb5.conf /export/k5/etc
lrwxrwxrwx 1 root other 19 Feb 7 15:37 /etc/krb5.conf ->
/etc/krb5/krb5.conf
-rw-r--r-- 1 root other 429 Feb 2 18:15 /etc/krb5/krb5.conf
lrwxrwxrwx 1 root other 9 Feb 7 15:38 /export/k5/etc ->
/etc/krb5/
k5 #
k5 # ls -ld /etc/krb5.conf /etc/krb5/krb5.conf /export/k5/etc
lrwxrwxrwx 1 root other 19 Feb 7 15:37 /etc/krb5.conf ->
/etc/krb5/krb5.conf
-rw-r--r-- 1 root other 429 Feb 2 18:15 /etc/krb5/krb5.conf
lrwxrwxrwx 1 root other 9 Feb 7 15:38 /export/k5/etc ->
/etc/krb5/
k5 #
More information about the Cyrus-sasl
mailing list