IMAP authentication via LDAPS
Igor Brezac
igor at ipass.net
Fri Oct 7 10:09:58 EDT 2005
Did you use --with-ipctype=doors to build cyrus-sasl? Your saslauthd
binary depends on two different openssl packages, which may cause problems.
(It looks like the mit krb libs use openssl 0.9.8 and the saslauthd/openldap
libs use 0.9.7.)
I recommend you use ipctype 'unix', since the ldap module may not be thread
safe (this may be the case with your mit kerb libs as well), and resolve
the openssl conflict.
-Igor
On Fri, 7 Oct 2005, Saltmarsh, Evan M wrote:
> Igor,
>
> Here is the ldd information from saslauthd. I'm using version
> 2.1.21,REV=2005.07.10.
>
> Thanks for the help.
>
> Evan
>
> libgssapi_krb5.so.2 => /usr/local/lib/libgssapi_krb5.so.2
> libkrb5.so.3 => /usr/local/lib/libkrb5.so.3
> libk5crypto.so.3 => /usr/local/lib/libk5crypto.so.3
> libcom_err.so.3 => /usr/local/lib/libcom_err.so.3
> libresolv.so.2 => /lib/libresolv.so.2
> libsocket.so.1 => /lib/libsocket.so.1
> libnsl.so.1 => /lib/libnsl.so.1
> libpam.so.1 => /lib/libpam.so.1
> libldap.so.2 => /opt/csw/lib/sparcv8/libldap.so.2
> liblber.so.2 => /opt/csw/lib/sparcv8/liblber.so.2
> libcrypto.so.0.9.7 => /opt/csw/lib/sparcv8plus/libcrypto.so.0.9.7
> libdoor.so.1 => /lib/libdoor.so.1
> libpthread.so.1 => /lib/libpthread.so.1
> libc.so.1 => /lib/libc.so.1
> libkrb5support.so.0 => /usr/local/lib/libkrb5support.so.0
> libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1
> libdl.so.1 => /lib/libdl.so.1
> libmp.so.2 => /lib/libmp.so.2
> libcmd.so.1 => /lib/libcmd.so.1
> libgen.so.1 => /lib/libgen.so.1
> libnet.so => /opt/csw/lib/sparcv8/libnet.so
> libsasl2.so.2 => /opt/csw/lib/sparcv8/libsasl2.so.2
> libssl.so.0.9.8 => /usr/local/lib/libssl.so.0.9.8
> libcrypto.so.0.9.8 => /usr/local/lib/libcrypto.so.0.9.8
> libthread.so.1 => /lib/libthread.so.1
> /usr/platform/SUNW,Sun-Fire-V490/lib/libc_psr.so.1
>
> Evan Saltmarsh
> UNIX Systems Administrator
> Information Technology Services
> Vanderbilt University
> Office: (615) 322-2156
> Cell: (615) 491-4115
>
> -----Original Message-----
> From: Igor Brezac [mailto:igor at ypass.net]
> Sent: Thursday, October 06, 2005 3:58 PM
> To: Saltmarsh, Evan M
> Cc: info-cyrus at lists.andrew.cmu.edu
> Subject: RE: IMAP authentication via LDAPS
>
> On Thu, 6 Oct 2005, Saltmarsh, Evan M wrote:
>
>> Well good news and bad. I've determined that the saslauthd is crashing
>> when the call is made, but the truss is cryptic in nature. Here is the
>> tail end, don't know if it's helpful or not.
>>
>> 26866/2: getpid() = 26866 [1]
>> 26866/2: write(6, "8092010301\0 i\0\0\0 \0".., 148) = 148
>> 26866/2: read(6, "16030104 B02\0", 7) = 7
>> 26866/2: time() = 1128629768
>> 26866/2: time() = 1128629768
>> 26866/2: getpid() = 26866 [1]
>> 26866/2: read(6, "\0 F0301\0\01812 d R v Y".., 1088) = 1088
>> 26866/2: Incurred fault #6, FLTBOUNDS %pc = 0xFEB9F95C
>> 26866/2: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000008
>> 26866/2: Received signal #11, SIGSEGV [default]
>> 26866/2: siginfo: SIGSEGV SEGV_MAPERR addr=0x00000008
>
> What version of saslauthd do you use? Please email 'ldd saslauthd'.
>
> -Igor
>
>>
>> Evan Saltmarsh
>> UNIX Systems Administrator
>> Information Technology Services
>> Vanderbilt University
>> Office: (615) 322-2156
>> Cell: (615) 491-4115
>>
>> -----Original Message-----
>> From: Andrew Morgan [mailto:morgan at orst.edu]
>> Sent: Thursday, October 06, 2005 3:03 PM
>> To: Saltmarsh, Evan M
>> Cc: info-cyrus at lists.andrew.cmu.edu
>> Subject: Re: IMAP authentication via LDAPS
>>
>>
>> On Thu, 6 Oct 2005, Saltmarsh, Evan M wrote:
>>
>>> I'm having trouble getting LDAPS to work with cyrus. We've been able to
>>> get LDAPS to work using stunnel to encrypt the path, but if we change
>>> the saslauthd.conf file to point to the LDAPS port, we get the following
>>> in our syslog, and it appears the connection to the LDAP server is never
>>> established.
>>>
>>> Oct 6 10:39:34 tst-srvr imaps[25773]: [ID 702911 auth.notice] door call to saslauthd server failed: Interrupted system call
>>>
>>> Oct 6 10:39:39 tst-srvr imaps[25773]: [ID 702911 auth.notice] door call to saslauthd server failed: Bad file number
>>>
>>>
>>>
>>> Anybody else have problems / suggestions on how to get LDAPS
>>> authentication to work?
>>
>> Try running strace (linux) or truss (solaris) on the saslauthd master
>> process and the cyrus master process. You'll want to have strace/truss
>> follow forks. The system calls near these error messages will probably
>> expose the problem.
>>
>> Andy
>>
>
>
--
Igor
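
The check described in the reply above can be automated. The following is an added example, not part of the original message or of cyrus-sasl: it reads `ldd` output and reports any library resolved in more than one version. The function names `find_mixed_libs` and `sample_ldd` are hypothetical, and the sample input is a subset of the ldd lines quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): report library families that ldd
# resolves in more than one version, as happens with libcrypto above.

# Reads ldd output on stdin; prints "<lib>: <ver> (<path>) <ver> (<path>) ..."
# for every library base name seen with two or more distinct versions.
find_mixed_libs() {
    awk '
    $2 == "=>" && $1 ~ /\.so/ {
        base = $1; sub(/\.so.*$/, "", base)      # libcrypto.so.0.9.7 -> libcrypto
        ver = $1;  sub(/^.*\.so\.?/, "", ver)    # libcrypto.so.0.9.7 -> 0.9.7
        if (ver == "") ver = "unversioned"
        if (!((base, ver) in seen)) {
            seen[base, ver] = 1
            count[base]++
            detail[base] = detail[base] " " ver " (" $3 ")"
        }
    }
    END {
        for (b in count)
            if (count[b] > 1) print b ":" detail[b]
    }' | sort
}

# Constructed sample: a subset of the ldd lines quoted in this thread,
# with the wrapped libcrypto.so.0.9.7 line rejoined.
sample_ldd() {
    cat <<'EOF'
    libkrb5.so.3 => /usr/local/lib/libkrb5.so.3
    libldap.so.2 => /opt/csw/lib/sparcv8/libldap.so.2
    libcrypto.so.0.9.7 => /opt/csw/lib/sparcv8plus/libcrypto.so.0.9.7
    libnet.so => /opt/csw/lib/sparcv8/libnet.so
    libssl.so.0.9.8 => /usr/local/lib/libssl.so.0.9.8
    libcrypto.so.0.9.8 => /usr/local/lib/libcrypto.so.0.9.8
    libc.so.1 => /lib/libc.so.1
EOF
}

# On a live system: ldd saslauthd | find_mixed_libs
sample_ldd | find_mixed_libs
```

On Solaris, /usr/bin/awk is the old awk without sub(), so run this with nawk or /usr/xpg4/bin/awk on the PATH as awk.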