From nobody@FreeBSD.org  Thu Oct 14 05:21:29 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7E4F1106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 14 Oct 2010 05:21:29 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 6CFA38FC0C
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 14 Oct 2010 05:21:29 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o9E5LSOP047022
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 14 Oct 2010 05:21:28 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o9E5LSnP047021;
	Thu, 14 Oct 2010 05:21:28 GMT
	(envelope-from nobody)
Message-Id: <201010140521.o9E5LSnP047021@www.freebsd.org>
Date: Thu, 14 Oct 2010 05:21:28 GMT
From: Martin Schweizer <office@pc-service.ch>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Kerberos5 is broken in the base system from 8.1 (i386)
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         151444
>Category:       kern
>Synopsis:       [kerberos] Kerberos5 is broken in the base system from 8.1 (i386)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 14 05:30:07 UTC 2010
>Closed-Date:    
>Last-Modified:  Wed May  4 06:50:08 UTC 2011
>Originator:     Martin Schweizer
>Release:        FreeBSD 8.1 Release
>Organization:
PC-Service M. Schweizer GmbH
>Environment:
FreeBSD acsvfbsd04.acutronic.ch 8.1-RELEASE FreeBSD 8.1-RELEASE #2: Wed Oct 13 23:46:17 CEST 2010     martin@acsvfbsd04.acutronic.ch:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
The kerberos5 system in the base is only under FreeBSD 8.1 Release i386 (not under amd64 and also not in earlier releases) broken. kinit it works. Also compile the source without kerberos5 and use heimdal from ports is not a solution because it works also not. There are different threads in the past months about this (gssapi segfault):
- http://docs.freebsd.org/mail/archive/2010/freebsd-stable/20100725.freebsd-stable.html
- http://docs.freebsd.org/mail/archive/2010/freebsd-stable/20100718.freebsd-stable.html

Here are my threads:
- http://docs.freebsd.org/mail/archive/2010/freebsd-stable/20101003.freebsd-stable.html (Kerberos/SASL)

Since I'm not a programmer I can not give you more debug details. I also checked the saslauthd with truss. There I found that kerberos will check each time a directory which is called /usr/lib/plugin/krb5 but isn't existend. I did not found any information what kerberos here is looking for.
>How-To-Repeat:
Cyrus sasl (newest verison) with saslauth -a kerberos5. 
>Fix:
It works with -a pam, but you need a long outstanding patch (http://www.freebsd.org/cgi/query-pr.cgi?pr=76678&cat=)!

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-i386->freebsd-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Nov 5 11:03:21 UTC 2010 
Responsible-Changed-Why:  
Although i386-specific, this is not in the code that only runs on i386; 
it is in the generic src code. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=151444 

From: Martin Schweizer <office@pc-service.ch>
To: bug-followup@FreeBSD.org, office@pc-service.ch
Cc:  
Subject: Re: kern/151444: [kerberos] Kerberos5 is broken in the base system
 from 8.1 (i386)
Date: Wed, 04 May 2011 08:22:51 +0200

 Hello
 
 I checked it also with FreeBSD 8.2 on i386. The bug still exists. Any ideas?
 
 Kind regards,
 
 -- 
 Martin Schweizer
 
 PC-Service M. Schweizer GmbH; Bannholzstrasse 6; Postfach 132;
 CH-8608 Bubikon; Tel. +41 55 243 30 00; Fax: +41 55 243 33 22
 
>Unformatted:
