From: Lawrence Greenfield (leg plus at andrew dot cmu dot edu)
Date: Mon Aug 06 2001 - 09:09:45 EDT
Date: Sun, 05 Aug 2001 21:20:55 -0700
From: David Wright <>
[...]
Now when _do_authentication is run against a correct password, it
returns success and pam_ldap returns success, but imapd dies. If I
comment out the call to _do_authentication and just return success,
imapd does not die. So it would seem the problem lies with
_do_authentication.
But here is the wierd part -- as far as I can tell, _do_authentication
does not interact with imapd or the SASL library at all; it contains
only LDAP library calls to interact with the LDAP server! And remember,
this interaction doesn't generate any errors, but rather runs flawlessly
and returns success. It seems, though, that a side-effect of this
interaction is to screw up the imapd so badly that it dies with a
"signaled to death by 11".
OpenLDAP's API contains calls to the SASL library to do it's own SASL
negotiation with the LDAP server, thus the problem.
These sort of hard-to-track-down interactions is why version 2 of the
SASL library will force use of a seperate process (a la pwcheck) for
PAM, LDAP, or other sorts of authentication.
Larry
|
|
|