[Dovecot] dovecot-1.1.13 auth-worker killed
Jiri Novosad
novosad at fi.muni.cz
Mon Apr 6 11:40:52 EEST 2009
Timo Sirainen wrote:
> On Apr 3, 2009, at 4:31 AM, Jiri Novosad wrote:
>
>> #0 0x0000003d5e60d6fc in ?? () from /lib64/libselinux.so.1
>> #1 0x0000003d5e60d86b in matchpathcon () from /lib64/libselinux.so.1
>> #2 0x0000003d64203d3b in ?? () from /usr/lib64/libkrb5support.so.0
>> #3 0x0000003d64204064 in krb5int_labeled_fopen () from
>> /usr/lib64/libkrb5support.so.0
>> #4 0x0000003d63679188 in profile_update_file_data () from
>> /usr/lib64/libkrb5.so.3
>> #5 0x0000003d63679f3e in profile_open_file () from
>> /usr/lib64/libkrb5.so.3
>> #6 0x0000003d6367d3dc in profile_init () from /usr/lib64/libkrb5.so.3
>> #7 0x0000003d636715e2 in ?? () from /usr/lib64/libkrb5.so.3
>> #8 0x0000003d63671742 in krb5_os_init_context () from
>> /usr/lib64/libkrb5.so.3
>> #9 0x0000003d6365a91e in ?? () from /usr/lib64/libkrb5.so.3
>> #10 0x00002ba68be0d044 in ?? () from /lib64/security/pam_krb5.so
>> #11 0x00002ba68be096d2 in pam_sm_authenticate () from
>> /lib64/security/pam_krb5.so
>> #12 0x0000003d6a802dc7 in _pam_dispatch () from /lib64/libpam.so.0
>> #13 0x0000003d6a8026d2 in pam_authenticate () from /lib64/libpam.so.0
>
> So you're using pam_krb5? Is dovecot-auth linked against any Kerberos
> libs? If it is, see if it helps by disabling gssapi when configuring.
> Maybe there is some library conflict.
Yes, sorry, my pam setup:
# cat /etc/pam.d/dovecot
auth include system-auth
auth sufficient pam_krb5.so
account required pam_nologin.so
account required pam_ldap_fi.so # site-specific, checks host=?
account include system-auth
# cat /etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_ldap.so use_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account sufficient pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account sufficient pam_ldap.so
account sufficient pam_krb5.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password sufficient pam_krb5.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session sufficient pam_unix.so
session sufficient pam_ldap.so
session optional pam_krb5.so
I ran:
# ldd /export/packages/run.linux.64/dovecot-1.1.13/libexec/dovecot/dovecot-auth
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003d6d800000)
libpam.so.0 => /lib64/libpam.so.0 (0x0000003d6a800000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003d5d600000)
libc.so.6 => /lib64/libc.so.6 (0x0000003d5ce00000)
libaudit.so.0 => /lib64/libaudit.so.0 (0x0000003d65200000)
/lib64/ld-linux-x86-64.so.2 (0x0000003d5ca00000)
and then:
# ldd /export/packages/run.linux.64/dovecot-1.1.12/libexec/dovecot/dovecot-auth
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003d6d800000)
libpam.so.0 => /lib64/libpam.so.0 (0x0000003d6a800000)
libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x0000003d5d200000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003d5d600000)
libc.so.6 => /lib64/libc.so.6 (0x0000003d5ce00000)
liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0 (0x0000003d5da00000)
libaudit.so.0 => /lib64/libaudit.so.0 (0x0000003d65200000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003d61200000)
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003d72c00000)
libssl.so.6 => /lib64/libssl.so.6 (0x0000003d67a00000)
libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003d62200000)
/lib64/ld-linux-x86-64.so.2 (0x0000003d5ca00000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x0000003d63a00000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003d63600000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003d61a00000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x0000003d63e00000)
libz.so.1 => /usr/lib64/libz.so.1 (0x0000003d5de00000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x0000003d64200000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003d62600000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003d5e600000)
libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003d5ea00000)
which reminded me, that there *were* some changes between the versions :).
This is how I configured 1.1.12:
./configure --without-nss --with-storages=mbox,raw --with-ldap=yes --without-docs --prefix=/packages/run.64/dovecot-1.1.12/
and 1.1.13:
./configure --with-storages=mbox,raw --without-docs --prefix=/packages/run.64/dovecot-1.1.13/
Now when I use the same configuration with 13 as with 12, there are no errors.
Jiri Novosad
More information about the dovecot
mailing list