FreeBSD Core dump: PAM authentication with Kerberos credentials (GSSAPI_MIT)

Ben Woods woodsb02 at gmail.com
Sun Feb 18 06:32:43 EET 2018


On 12 February 2018 at 23:34, Ben Woods <woodsb02 at gmail.com> wrote:

> Hi everyone,
>
> I have a repeatable core dump when running dovecot on FreeBSD in the
> specific scenario described below.
>
> Dovecot is linked against MIT kerberos in /usr/local/lib/, whilst PAM is
> linked against Heimdal in /usr/lib/.
> My expectation was that dovecot authentication using GSSAPI would use MIT
> kerberos in /usr/local/lib, whereas PAM authentication is independent from
> dovecot and would therefore use Heimdal in /usr/lib/.
>
> What actually seems to occur during PAM authentication is the Heimdal code
> in /usr/lib/ is initially being used, but part way through it switches to
> using the MIT kerberos code in /usr/local/lib/.
>
> I have reported this bug on the FreeBSD bug tracker here:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225818
>
> Any help troubleshooting this issue would be much appreciated. I suspect
> it has something to do with the CFLAGS and LDFLAGS being used during the
> build, so I have attached the build log to the FreeBSD bug report.
>
> Thanks in advance,
> Ben
>


Hi everyone,

Can anyone recommend a way to fix the dovecot build process so that the
dovecot code for PAM authentication is not dynamically linked to the
kerberos libraries?

The issue appears to be that a single dovecot library is created for all
authentication mechanisms (libauth.la), so whilst the PAM authentication
code does not need to link to the kerberos libraries, the GSSAPI
authentication code does.

This results in dovecot being linked to the MIT kerberos libraries, whilst
my PAM is linked to the Heimdal kerberos libraries. Therefore, when dovecot
runs PAM, both the MIT and Heimdal libraries are loaded at the same time.

Regards,
Ben

--
From: Benjamin Woods
woodsb02 at gmail.com