Re: [Dovecot] dovecot-1.1.13 auth-worker killed

6 Apr 2009 · *were*


      Timo Sirainen wrote:
...
On Apr 3, 2009, at 4:31 AM, Jiri Novosad wrote:
...
#0  0x0000003d5e60d6fc in ?? () from /lib64/libselinux.so.1
#1  0x0000003d5e60d86b in matchpathcon () from /lib64/libselinux.so.1
#2  0x0000003d64203d3b in ?? () from /usr/lib64/libkrb5support.so.0
#3  0x0000003d64204064 in krb5int_labeled_fopen () from
/usr/lib64/libkrb5support.so.0
#4  0x0000003d63679188 in profile_update_file_data () from
/usr/lib64/libkrb5.so.3
#5  0x0000003d63679f3e in profile_open_file () from
/usr/lib64/libkrb5.so.3
#6  0x0000003d6367d3dc in profile_init () from /usr/lib64/libkrb5.so.3
#7  0x0000003d636715e2 in ?? () from /usr/lib64/libkrb5.so.3
#8  0x0000003d63671742 in krb5_os_init_context () from
/usr/lib64/libkrb5.so.3
#9  0x0000003d6365a91e in ?? () from /usr/lib64/libkrb5.so.3
#10 0x00002ba68be0d044 in ?? () from /lib64/security/pam_krb5.so
#11 0x00002ba68be096d2 in pam_sm_authenticate () from
/lib64/security/pam_krb5.so
#12 0x0000003d6a802dc7 in _pam_dispatch () from /lib64/libpam.so.0
#13 0x0000003d6a8026d2 in pam_authenticate () from /lib64/libpam.so.0
So you're using pam_krb5? Is dovecot-auth linked against any Kerberos
libs? If it is, see if it helps by disabling gssapi when configuring.
Maybe there is some library conflict.
Yes, sorry, my pam setup:
# cat /etc/pam.d/dovecot
auth       include      system-auth
auth       sufficient   pam_krb5.so
account    required     pam_nologin.so
account    required     pam_ldap_fi.so # site-specific, checks host=?
account    include      system-auth
# cat /etc/pam.d/system-auth
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_krb5.so use_first_pass
auth        sufficient    pam_ldap.so use_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     sufficient    pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     sufficient    pam_ldap.so
account     sufficient    pam_krb5.so
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    sufficient    pam_krb5.so use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     sufficient    pam_unix.so
session     sufficient    pam_ldap.so
session     optional      pam_krb5.so
I ran:
# ldd /export/packages/run.linux.64/dovecot-1.1.13/libexec/dovecot/dovecot-auth
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003d6d800000)
libpam.so.0 => /lib64/libpam.so.0 (0x0000003d6a800000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003d5d600000)
libc.so.6 => /lib64/libc.so.6 (0x0000003d5ce00000)
libaudit.so.0 => /lib64/libaudit.so.0 (0x0000003d65200000)
/lib64/ld-linux-x86-64.so.2 (0x0000003d5ca00000)
and then:
# ldd /export/packages/run.linux.64/dovecot-1.1.12/libexec/dovecot/dovecot-auth
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003d6d800000)
libpam.so.0 => /lib64/libpam.so.0 (0x0000003d6a800000)
libldap-2.3.so.0 => /usr/lib64/libldap-2.3.so.0 (0x0000003d5d200000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003d5d600000)
libc.so.6 => /lib64/libc.so.6 (0x0000003d5ce00000)
liblber-2.3.so.0 => /usr/lib64/liblber-2.3.so.0 (0x0000003d5da00000)
libaudit.so.0 => /lib64/libaudit.so.0 (0x0000003d65200000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003d61200000)
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x0000003d72c00000)
libssl.so.6 => /lib64/libssl.so.6 (0x0000003d67a00000)
libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000003d62200000)
/lib64/ld-linux-x86-64.so.2 (0x0000003d5ca00000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x0000003d63a00000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000003d63600000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x0000003d61a00000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x0000003d63e00000)
libz.so.1 => /usr/lib64/libz.so.1 (0x0000003d5de00000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x0000003d64200000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003d62600000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003d5e600000)
libsepol.so.1 => /lib64/libsepol.so.1 (0x0000003d5ea00000)
which reminded me, that there *were* some changes between the versions :).
This is how I configured 1.1.12:
./configure --without-nss --with-storages=mbox,raw --with-ldap=yes --without-docs --prefix=/packages/run.64/dovecot-1.1.12/
and 1.1.13:
./configure --with-storages=mbox,raw --without-docs --prefix=/packages/run.64/dovecot-1.1.13/
Now when I use the same configuration with 13 as with 12, there are no errors.
Jiri Novosad