SASL + IMAP + GSSAPI failure (other gssapi stuff works)

Jeff Blaine jblaine at kickflop.net
Wed Feb 7 15:42:56 EST 2007


Ken Hornstein wrote:
>> Doesn't work as native jblaine with kerberos creds either:
>> [...]
> 
> Hrm.
> 
> Okay, I have some stupid questions now.
> 
> - Do you have a KRB5CCNAME environment variable set?

No

> - What OS is this?

Solaris 9 SPARC

> - What version of Kerberos are you using?

MIT 1.5.1

> A system call trace on imtest might be useful; you could see what credential
> cache it is trying to open (assuming that is the real error and the problem
> isn't being masked by something else).

The right one:

25789:  open("/tmp/krb5cc_26560_VKaqJX", O_RDONLY)      = 5
25789:  open("/tmp/krb5cc_26560_VKaqJX", O_RDONLY)      = 5
25789:  open("/tmp/krb5cc_26560_VKaqJX", O_RDONLY)      = 5

Here's where things go wrong I suppose.  I can't make any sense
of it.

25851:  open("/export/k5/etc/krb5.conf", O_RDONLY)      = 5
25851:  access("/export/k5/etc/krb5.conf", 2)           Err#13 EACCES
25851:  ioctl(5, TCGETA, 0xFFBFD244)                    Err#25 ENOTTY
25851:  read(5, " [ l i b d e f a u l t s".., 8192)     = 429
25851:  read(5, 0x000FF1D4, 8192)                       = 0
25851:  llseek(5, 0, SEEK_CUR)                          = 429
25851:  open("/dev/urandom", O_RDONLY)                  = 5
25851:  read(5, "D7 g V [D7C7F1F0E5 b =F5".., 20)       = 20
25851:  getpid()                                        = 25851 [25850]
25851:  getpid()                                        = 25851 [25850]
25851:  open("/proc/25851/psinfo", O_RDONLY)            = 5
25851:  read(5, "\b\0C4C8\0\0\001\0\0 dFB".., 336)      = 336
25851:  open("/dev/conslog", O_WRONLY)                  = 5
25851:  open("/usr/share/lib/zoneinfo/US/Eastern", O_RDONLY) = 6
25851:  read(6, " T Z i f\0\0\0\0\0\0\0\0".., 1267)     = 1267
25851:  getpid()                                        = 25851 [25850]
25851:  putmsg(5, 0xFFBFD208, 0xFFBFD1FC, 0)            = 0
25851:  open("/var/run/syslog_door", O_RDONLY)          = 6
25851:  getpid()                                        = 25851 [25850]
25851:  write(1, " A u t h e n t i c a t i".., 39)      = 39
25851:  write(1, " S e c u r i t y   s t r".., 28)      = 28
25851:  getrlimit(RLIMIT_NOFILE, 0xFFBFE538)            = 0
25851:  sigaction(SIGINT, 0xFFBFE480, 0xFFBFE500)       = 0
25851:  poll(0xFFBFDD30, 3, -1)                         = 2
25851:  alarm(0)                                        = 0
25851:  setitimer(ITIMER_REAL, 0xFFBFE530, 0xFFBFE520)  = 0
25851:  sigaction(SIGALRM, 0xFFBFE430, 0xFFBFE4E0)      = 0
25851:  sigfillset(0xFF0C2A40)                          = 0
25851:  sigprocmask(SIG_BLOCK, 0xFFBFE4D0, 0xFFBFE4C0)  = 0
25851:  setitimer(ITIMER_REAL, 0xFFBFE530, 0x00000000)  = 0
25851:      Received signal #14, SIGALRM, in sigsuspend() [caught]
25851:  sigsuspend(0xFFBFE4B0)                          Err#4 EINTR
25851:  setcontext(0xFFBFE198)
25851:  sigaction(SIGALRM, 0xFFBFE430, 0x00000000)      = 0
25851:  sigprocmask(SIG_UNBLOCK, 0xFFBFE4D0, 0x00000000) = 0
25851:  setitimer(ITIMER_REAL, 0xFFBFE520, 0x00000000)  = 0
25851:  poll(0xFFBFDD30, 3, -1)                         = 2
25851:  alarm(0)                                        = 0
25851:  setitimer(ITIMER_REAL, 0xFFBFE530, 0xFFBFE520)  = 0
25851:  sigaction(SIGALRM, 0xFFBFE430, 0xFFBFE4E0)      = 0
25851:  sigprocmask(SIG_BLOCK, 0xFFBFE4D0, 0xFFBFE4C0)  = 0
25851:  setitimer(ITIMER_REAL, 0xFFBFE530, 0x00000000)  = 0
...bunch more of this fun spew...
...then I hit Ctrl-C...

FWIW (likely nothing):

k5 # ls -ld /etc/krb5.conf /etc/krb5/krb5.conf /export/k5/etc
lrwxrwxrwx   1 root     other         19 Feb  7 15:37 /etc/krb5.conf -> 
/etc/krb5/krb5.conf
-rw-r--r--   1 root     other        429 Feb  2 18:15 /etc/krb5/krb5.conf
lrwxrwxrwx   1 root     other          9 Feb  7 15:38 /export/k5/etc -> 
/etc/krb5/
k5 #

k5 # ls -ld /etc/krb5.conf /etc/krb5/krb5.conf /export/k5/etc
lrwxrwxrwx   1 root     other         19 Feb  7 15:37 /etc/krb5.conf -> 
/etc/krb5/krb5.conf
-rw-r--r--   1 root     other        429 Feb  2 18:15 /etc/krb5/krb5.conf
lrwxrwxrwx   1 root     other          9 Feb  7 15:38 /export/k5/etc -> 
/etc/krb5/
k5 #


More information about the Cyrus-sasl mailing list