From: sandy s <san...@gm...> - 2005-12-07 14:43:42
Yes, it crashes on the first call to gss api :(

- Sandy.

On 12/7/05, Aidas Kasparas <a.k...@gm...> wrote:
>
> Sandy,
>
> First, the only (afaik) developer of ipsec-tools who is familiar with
> kerberos is Derek, but he contributed code to ipsec-tools for the last
> time long ago. So, help from the person who knows kerberos would be very
> helpful.
>
> On the other hand, by searching web for faults and gss/kerberos, I found
>
> http://www.nabble.com/Core-Dump-with-gsstest-1.26-and-krb5-1.4.2-t327263.html#a931954
> which is not directly related, but lets me believe, that bugs in
> kerberos library are not an uncommon thing. So, could you please run
> gsstest program to make sure library you have installed is not buggy and
> there are no problems in your GSS setup.
>
> One more thing. You said, that racoon crashes after some time. Is he
> failing on first try to use gss functionality, or sometimes it goes
> through and later fails?
>
> sandy s wrote:
> > Hi all,
> >
> > I found that the issue of seg fault exists from past one year.
> >
> > Please see the link below:
> >
> > http://mailman.mit.edu/pipermail/kerberos/2004-April/005125.html
> >
> > What could be the fix for this ?
> >
> > - Sandy
> >
> > On 12/7/05, *sandy s* <san...@gm... <mailto:san...@gm...>> wrote:
> >
> > Hi,
> >
> > Here is more info using gdb. Could you please let me know what could
> > be the error ?
> >
> > - Sandy
> >
> > ---------------------------------------------------
> > 2005-12-07 09:10:16: DEBUG: (lifebyte = 0:0)
> > 2005-12-07 09:10:16: DEBUG: enctype = 3DES-CBC:3DES-CBC
> > 2005-12-07 09:10:16: DEBUG: (encklen = 0:0)
> > 2005-12-07 09:10:16: DEBUG: hashtype = SHA:SHA
> > 2005-12-07 09:10:16: DEBUG: authmethod = GSS-API on Kerberos 5:GSS-API on Kerberos 5
> > 2005-12-07 09:10:16: DEBUG: dh_group = 768-bit MODP group:768-bit MODP group
> > 2005-12-07 09:10:16: DEBUG: an acceptable proposal found.
> > 2005-12-07 09:10:16: DEBUG: hmac(modp768)
> > 2005-12-07 09:10:16: DEBUG: gss id in new sa 'host/kdc.kerb.com'
> > 2005-12-07 09:10:16: DEBUG: GIi is host/kdc.kerb.com
> > 2005-12-07 09:10:16: DEBUG: GIr is host/linux.kerb.com
> > 2005-12-07 09:10:16: DEBUG: ===
> > 2005-12-07 09:10:16: DEBUG: compute DH's private.
> > 2005-12-07 09:10:16: DEBUG:
> > 5be41b2e b85ff069 680b30ce 46defd9e a0a50432 7393023c c814aa68 b824c1c1
> > 4e8d536f 55714020 9a12d8b8 9c467374 88f6b4ec 8919a92b d349255b 4dee5265
> > 7250baec 8ae579a3 e621f3c4 00b5450f 19192aba c7220771 9250d320 58477695
> > 2005-12-07 09:10:16: DEBUG: compute DH's public.
> > 2005-12-07 09:10:16: DEBUG:
> > 921bcc59 d771190a a09a607c 84bbd005 e53b91dd e8b42579 b8b97609 1f2f6cba
> > d8910bde 68fdab19 ff108509 45a710e3 a137601b 0032ff0b ca86ede2 41b7ec1d
> > e8fe34dc 2b0915f8 28e8b616 ea15d265 da31d72c ef5e5066 3bb7d04b 8e84030f
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00d530fb in krb5_gss_canonicalize_name () from /usr/lib/libgssapi_krb5.so.2
> > (gdb) bt
> > #0 0x00d530fb in krb5_gss_canonicalize_name () from /usr/lib/libgssapi_krb5.so.2
> > #1 0x00d59b02 in gss_canonicalize_name () from /usr/lib/libgssapi_krb5.so.2
> > #2 0x0805c5ab in gssapi_init (iph1=0x9896af8) at gssapi.c:214
> > #3 0x0805cd71 in gssapi_get_itoken (iph1=0x9896af8, lenp=0x0) at gssapi.c:279
> > #4 0x0805362a in ident_i2send (iph1=0x9896af8, msg=0x9896538) at isakmp_ident.c:320
> > #5 0x0804e5d2 in ph1_main (iph1=0x9896af8, msg=0x9896538) at isakmp.c:788
> > #6 0x0804e9a7 in isakmp_main (msg=0x9896538, remote=0xbfc34f68, local=0xbfc34ee8) at isakmp.c:570
> > #7 0x0804f9bf in isakmp_handler (so_isakmp=9) at isakmp.c:359
> > #8 0x0804c40e in session () at session.c:209
> > #9 0x0804bdd4 in main (ac=5, av=0xbfc36234) at main.c:247
> > (gdb) frame 2
> > #2 0x0805c5ab in gssapi_init (iph1=0x9896af8) at gssapi.c:214
> > 214 maj_stat = gss_canonicalize_name(&min_stat, princ, GSS_C_NO_OID,
> > (gdb) p princ
> > $1 = 0x9897590
> > (gdb)
> >
> > ------------------------------------------------------------------------------------------------------
> > here is my racoon.conf file used:
> >
> > # Racoon IKE daemon configuration file.
> > # See 'man racoon.conf' for a description of the format and entries.
> > remote anonymous {
> >     exchange_mode main;
> >     lifetime time 24 hour;
> >     proposal {
> >         encryption_algorithm des;
> >         hash_algorithm md5;
> >         authentication_method gssapi_krb;
> >         dh_group 1;
> >     }
> > }
> > sainfo anonymous
> > {
> >     pfs_group 2;
> >     lifetime time 1 hour;
> >     encryption_algorithm des;
> >     authentication_algorithm hmac_sha1, hmac_md5 ;
> >     compression_algorithm deflate ;
> > }
> >
> >
> --
> Aidas Kasparas
> IT administrator
> GM Consult Group, UAB