[389-users] Segfault

Edward Z. Yang ezyang at MIT.EDU
Sat Oct 9 08:36:20 UTC 2010 

Excerpts from Rich Megginson's message of Fri Oct 08 18:59:52 -0400 2010:
> Try running with the SHELL (1024) debug error log level.  This should 
> give more information about the principal, keytab, etc. that directory 
> server is using.

More logs:

[09/Oct/2010:04:29:48 -0400] - Listening on /var/run/dirsrv/slapd-scripts.socket for LDAPI requests
[09/Oct/2010:04:29:48 -0400] slapi_ldap_init_ext - Success: set up conn to [better-mousetrap.mit.edu:389]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - The default credentials cache [FILE:/tmp/krb5cc_485] not found: will create a new one.
[09/Oct/2010:04:29:48 -0400] slapi_ldap_init_ext - configpluginpath == NULL
[09/Oct/2010:04:29:48 -0400] slapi_ldap_init_ext - Success: set up conn to [whole-enchilada.mit.edu:389]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using principal named [ldap/old-faithful.mit.edu at ATHENA.MIT.EDU]
[09/Oct/2010:04:29:48 -0400] slapi_ldap_init_ext - Success: set up conn to [cats-whiskers.mit.edu:389]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - The default credentials cache [FILE:/tmp/krb5cc_485] not found: will create a new one.
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using principal named [ldap/old-faithful.mit.edu at ATHENA.MIT.EDU]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - The default credentials cache [FILE:/tmp/krb5cc_485] not found: will create a new one.
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using principal named [ldap/old-faithful.mit.edu at ATHENA.MIT.EDU]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using keytab named [WRFILE:/etc/dirsrv/keytab]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using keytab named [WRFILE:/etc/dirsrv/keytab]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Using keytab named [WRFILE:/etc/dirsrv/keytab]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Generated new memory ccache [MEMORY:N0KZtwJ]
[09/Oct/2010:04:29:48 -0400] show_cached_credentials - Ticket cache: MEMORY:N0KZtwJ
Default principal: ldap/old-faithful.mit.edu at ATHENA.MIT.EDU

[09/Oct/2010:04:29:48 -0400] show_one_credential -      Kerberos credential: client [ldap/old-faithful.mit.edu at ATHENA.MIT.EDU] server [krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU] start time [Sat Oct  9 04:30:00 2010] end time [Sun Oct 10 01:45:00 2010] renew time [Sun Oct 10 04:29:49 2010] flags [0x50c00000]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Set new env for ccache: [KRB5CCNAME=MEMORY:N0KZtwJ]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Generated new memory ccache [MEMORY:fyHs1On]
[09/Oct/2010:04:29:48 -0400] show_cached_credentials - Ticket cache: MEMORY:fyHs1On
Default principal: ldap/old-faithful.mit.edu at ATHENA.MIT.EDU

[09/Oct/2010:04:29:48 -0400] show_one_credential -      Kerberos credential: client [ldap/old-faithful.mit.edu at ATHENA.MIT.EDU] server [krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU] start time [Sat Oct  9 04:30:00 2010] end time [Sun Oct 10 01:45:00 2010] renew time [Sun Oct 10 04:29:49 2010] flags [0x50c00000]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Set new env for ccache: [KRB5CCNAME=MEMORY:fyHs1On]
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Generated new memory ccache [MEMORY:aIeSCnz]
[09/Oct/2010:04:29:48 -0400] show_cached_credentials - Ticket cache: MEMORY:aIeSCnz
Default principal: ldap/old-faithful.mit.edu at ATHENA.MIT.EDU

[09/Oct/2010:04:29:48 -0400] show_one_credential -      Kerberos credential: client [ldap/old-faithful.mit.edu at ATHENA.MIT.EDU] server [krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU] start time [Sat Oct  9 04:30:00 2010] end time [Sun Oct 10 01:45:00 2010] renew time [Sun Oct 10 04:29:49 2010] flags [0x50c00000]
[09/Oct/2010:04:29:48 -0400] set_krb5_creds - Set new env for ccache: [KRB5CCNAME=MEMORY:aIeSCnz]
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER
[09/Oct/2010:04:29:48 -0400] ldap_sasl_get_val - Using value [(null)] for SASL_CB_USER

> What is the platform?  Are you using a newer version of kerberos?

Fedora 13.  We have the latest version of Kerberos with one custom patch:

Name        : krb5-libs
Arch        : x86_64
Version     : 1.7.1
Release     : 14.fc13.scripts.1671
Size        : 1.7 M
Repo        : installed
>From repo   : scripts
Summary     : The shared libraries used by Kerberos 5
URL         : http://web.mit.edu/kerberos/www/
License     : MIT
Description : Kerberos is a network authentication system. The krb5-libs package
            : contains the shared libraries needed by Kerberos 5. If you are using
            : Kerberos, you need to install this package.

that modifies src/lib/krb5/os/kuserok.c (which was not in the backtrace).

http://scripts.mit.edu/trac/browser/branches/fc13-dev/server/common/patches/krb5-kuserok-scripts.patch

Cheers,
Edward

More information about the 389-users mailing list