[Dovecot] dovecot-1.1.13 auth-worker killed

Jiri Novosad novosad at fi.muni.cz
Mon Apr 6 11:40:52 EEST 2009 

Timo Sirainen wrote:
> On Apr 3, 2009, at 4:31 AM, Jiri Novosad wrote:
> 
>> #0  0x0000003d5e60d6fc in ?? () from /lib64/libselinux.so.1
>> #1  0x0000003d5e60d86b in matchpathcon () from /lib64/libselinux.so.1
>> #2  0x0000003d64203d3b in ?? () from /usr/lib64/libkrb5support.so.0
>> #3  0x0000003d64204064 in krb5int_labeled_fopen () from
>> /usr/lib64/libkrb5support.so.0
>> #4  0x0000003d63679188 in profile_update_file_data () from
>> /usr/lib64/libkrb5.so.3
>> #5  0x0000003d63679f3e in profile_open_file () from
>> /usr/lib64/libkrb5.so.3
>> #6  0x0000003d6367d3dc in profile_init () from /usr/lib64/libkrb5.so.3
>> #7  0x0000003d636715e2 in ?? () from /usr/lib64/libkrb5.so.3
>> #8  0x0000003d63671742 in krb5_os_init_context () from
>> /usr/lib64/libkrb5.so.3
>> #9  0x0000003d6365a91e in ?? () from /usr/lib64/libkrb5.so.3
>> #10 0x00002ba68be0d044 in ?? () from /lib64/security/pam_krb5.so
>> #11 0x00002ba68be096d2 in pam_sm_authenticate () from
>> /lib64/security/pam_krb5.so
>> #12 0x0000003d6a802dc7 in _pam_dispatch () from /lib64/libpam.so.0
>> #13 0x0000003d6a8026d2 in pam_authenticate () from /lib64/libpam.so.0
> 
> So you're using pam_krb5? Is dovecot-auth linked against any Kerberos
> libs? If it is, see if it helps by disabling gssapi when configuring.
> Maybe there is some library conflict.

Yes, sorry, my pam setup:

# cat /etc/pam.d/dovecot 
auth       include      system-auth
auth       sufficient   pam_krb5.so
account    required     pam_nologin.so
account    required     pam_ldap_fi.so # site-specific, checks host=?
account    include      system-auth

# cat /etc/pam.d/system-auth
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_krb5.so use_first_pass 
auth        sufficient    pam_ldap.so use_first_pass

auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     sufficient    pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     sufficient    pam_ldap.so
account     sufficient    pam_krb5.so

account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    sufficient    pam_krb5.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     sufficient    pam_unix.so
session     sufficient    pam_ldap.so
session     optional      pam_krb5.so

I ran:
# ldd /export/packages/run.linux.64/dovecot-1.1.13/libexec/dovecot/dovecot-auth
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003d6d800000)
        libpam.so.0 => /lib64/libpam.so.0 (0x0000003d6a800000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000003d5d600000)
        libc.so.6 => /lib64/libc.so.6 (0x0000003d5ce00000)
        libaudit.so.0 => /lib64/libaudit.so.0 (0x0000003d65200000)
        /lib64/ld-linux-x86-64.so.2 (0x0000003d5ca00000)
and then:

# ldd /export/packages/run.linux.64/dovecot-1.1.12/libexec/dovecot/dovecot-auth
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003d6d800000)
        libpam.so.0 => /lib64/libpam.so.0 (0x0000003d6a800000)
        libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x0000003d5d200000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000003d5d600000)
        libc.so.6 => /lib64/libc.so.6 (0x0000003d5ce00000)
        liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0 (0x0000003d5da00000)
        libaudit.so.0 => /lib64/libaudit.so.0 (0x0000003d65200000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003d61200000)
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003d72c00000)
        libssl.so.6 => /lib64/libssl.so.6 (0x0000003d67a00000)
        libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003d62200000)
        /lib64/ld-linux-x86-64.so.2 (0x0000003d5ca00000)
        libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x0000003d63a00000)
        libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003d63600000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003d61a00000)
        libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x0000003d63e00000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x0000003d5de00000)
        libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x0000003d64200000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003d62600000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003d5e600000)
        libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003d5ea00000)

which reminded me, that there *were* some changes between the versions :).

This is how I configured 1.1.12:
./configure --without-nss --with-storages=mbox,raw --with-ldap=yes --without-docs --prefix=/packages/run.64/dovecot-1.1.12/

and 1.1.13:
./configure --with-storages=mbox,raw --without-docs --prefix=/packages/run.64/dovecot-1.1.13/

Now when I use the same configuration with 13 as with 12, there are no errors.

Jiri Novosad

More information about the dovecot mailing list