On 12 February 2018 at 23:34, Ben Woods <woodsb02@gmail.com> wrote:

Hi everyone,

I have a repeatable core dump when running dovecot on FreeBSD in the specific scenario described below.

Dovecot is linked against MIT kerberos in /usr/local/lib/, whilst PAM is linked against Heimdal in /usr/lib/.
My expectation was that dovecot authentication using GSSAPI would use MIT kerberos in /usr/local/lib, whereas PAM authentication is independent from dovecot and would therefore use Herimdal in /usr/lib/.

What actually seems to occur during PAM authentication is the Heimdal code in /usr/lib/ is initially being used, but part way through it switches to using the MIT kerberos code in /usr/local/lib/.

I have reported this bug on the FreeBSD bug tracker here:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225818

Any help troubleshooting this issue would be much appreciated. I suspect it has something to do with the CFLAGS and LDFLAGS being used during the build, so I have attached the build log to the FreeBSD bug report.

Thanks in advance,
Ben

Hi everyone,

Can anyone recommend a way to fix the dovecot build process so that the dovecot code for PAM authentication is not dynamically linked to the kerberos libraries?

The issue appears to be that a single dovecot library is created for all authentication mechanisms (libauth.la), so whilst the PAM authentication code does not need to link to the kerberos libraries, the GSSAPI authentication code does.

This results in dovecot being linked to the MIT kerberos libraries, whilst my PAM is linked to the Heimdal kerberos libraries. Therefore, when dovecot runs PAM, both the MIT and Heimdal libraries are loaded at the same time.

Regards,

Ben

--
From: Benjamin Woods
woodsb02@gmail.com