From Bugzilla Helper: User-Agent: Mozilla/4.76 [fr] (X11; U; Linux 2.2.17-14 i686) cyrus imapd is crashing with signal 11 when trying to authenticate a use through SASL ->PAM -> LDAP Reproducible: Always Steps to Reproduce: cyrus-imapd-2.0.9-3 is installed with following configuration sasl_pwcheck_method: pam to use pam the file /etc/pam.d/imap containing the following line auth sufficient /lib/security/pam_unix.so auth required /lib/security/pam_ldap.so config=/etc/cyrusldap.conf account sufficient /lib/security/pam_unix.so account required /lib/security/pam_ldap.so config=/etc/cyrusldap.conf the /etc/cyrusldap.cnf contain the configuraiton to access the ldap server. When i use this to authenticate the login it work well when i launch imtest to test cyrus i got 2. 3. Actual Results: imtest -u root -m login -l 0 -a doutrele localhost C: C01 CAPABILITY S: * OK projtux.int-evry.fr Cyrus IMAP4 v2.0.9 server ready S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE X-NETSCAPE S: C01 OK Completed Password: C: L01 LOGIN doutrele {8} + go ahead C: <omitted> failure: prot layer failure when i type the wrong password i got C: <omitted> L01 NO Login failed: authentication failure Authentication failed. generic failure Security strength factor: 0 * BAD Invalid tag the cyrus.log file give me Apr 24 13:05:19 projtux master[4381]: about to exec /usr/cyrus/bin/imapd Apr 24 13:05:19 projtux service-/usr/cyrus/bin/imapd[4381]: executed Apr 24 13:05:19 projtux imapd[4381]: accepted connection Apr 24 13:05:55 projtux master[4298]: process 4381 exited, signaled to death by 11
According to a post by 'Kurt D. Zeilenga' on 24/feb/2001 on the cyrus-sasl mailinglist: "If you intend to use Cyrus SASL with PAM with OpenLDAP, build OpenLDAP --without-cyrus-sasl to avoid library reentry issues." The openldap-2.0.7-14 RPM shipped with RH71 is compiled --with-cyrus-sasl. When I download the openldap-2.0.7-14, change --with-cyrus-sasl into --without-cyrus-sasl (and removing --enable-spasswd, as this requires SASL), and install the resulting binary RPMs instead of the RH71 openldap RPMs, the problem described here goes away. Of course, you lose SASL support in OpenLDAP.
I was also expierencing the prot layer failure but found a workaround without having to recompile as follows: Rename /etc/pam.d/imap to /etc/pam.d/system-imap Put in new /etc/pam.d/imap of: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-imap account required /lib/security/pam_stack.so service=system-imap
Closing as WONTFIX due to end of life of the Power Tools product line. Please open a new bug report under the Red Hat Linux product if the component is still included in the base Red Hat distribution.