[Freeipa-users] FreeOTP

Sumit Bose sbose at redhat.com
Thu Jun 16 08:55:41 UTC 2016


On Thu, Jun 16, 2016 at 10:28:41AM +0200, Winfried de Heiden wrote:
> Hi all,
> 
> "So it looks a bit like a libverto 32bit issue"; any news or progress on
> this? Bugzilla?

sorry for the delay, but I'm currently busy with other items. I can come
back to you on this issue early next week.

Btw, so far I would say it is an issue in libkrad.

bye,
Sumit

> 
> Winny
> 
> 
> On 09-06-16 at 18:51, Sumit Bose wrote:
> > On Thu, Jun 09, 2016 at 08:42:59AM -0400, Nathaniel McCallum wrote:
> > > On Thu, 2016-06-09 at 10:46 +0200, Sumit Bose wrote:
> > > > On Thu, Jun 09, 2016 at 08:16:13AM +0200, Winfried de Heiden wrote:
> > > > > Hi all,
> > > > > 
> > > > > > I can install libverto-libev but removing libverto-tevent will remove 123
> > > > > > dependencies also. (wget, tomcat and much more...)
> > > > > > 
> > > > > > Hence, I installed libverto-libev, but did not remove libverto-tevent to give
> > > > > > it a try. After ipactl restart still the same problem:
> > > > fyi, I think I can reproduce the issue on 32bit Fedora. I tried
> > > > libverto-libev as well but I removed libverto-tevent after installing
> > > > libverto-libev with 'rpm -e --nodeps ....' to make sure libverto has
> > > > no
> > > > other chance.
> > > > 
> > > > > So it looks a bit like a libverto 32bit issue. I used
> > > > > libverto-0.2.6-4.fc22. Since I knew that it was working before on 32bits
> > > > > I tried libverto-0.2.5 and libverto-0.2.4 as well with no luck.
> > > > 
> > > > Nathaniel, do you have any suggestions what to check with gdb?
> > > It may not be a libverto issue at all. Just to summarize, krb5kdc sends
> > > the otp request to ipa-otpd using RADIUS-over-UNIX-socket.
> > > 
> > > It appears that ipa-otpd receives the request and sends the appropriate
> > > response. However, krb5kdc never appears to receive the request and
> > > times out. Once it times out, it closes the socket and ipa-otpd exits.
> > > 
> > > The question is: why?
> > > 
> > > This could be a bug in krb5kdc, libkrad or libverto. Does the event
> > > actually fire from libverto? Does libkrad process it correctly? Does
> > > krb5kdc process it correctly?
> > > 
> > > There are lots of places to attach gdb. I would probably start here:
> > > https://github.com/krb5/krb5/blob/master/src/lib/krad/client.c#L193
> > It looks like the 3rd argument of recv(), the buffer length, becomes
> > negative aka very big in on_io_read()
> > 
> >      i = recv(verto_get_fd(rr->io), rr->buffer.data + rr->buffer.length,
> >               pktlen - rr->buffer.length, 0);
> > 
> > because pktlen is 4 and rr->buffer.length is 16 on my 32bit system. I
> > wonder if pktlen isn't sufficient here because it already is the result
> > of 'len - buffer->length' which is calculated in
> > krad_packet_bytes_needed() ?
> > 
> > bye,
> > Sumit
> > 
> 
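The length arithmetic discussed in the thread above, as an added example that is not part of the original messages and is not libkrad code. The function names, the 4096-byte capacity and the total packet length of 20 are assumptions made for illustration; only the values 4 and 16 come from the thread.

```c
#include <stddef.h>
#include <stdio.h>

#define BUF_CAP 4096u /* hypothetical receive-buffer capacity */

/* Stand-in for krad_packet_bytes_needed() as the thread describes it:
 * the result is already 'len - buffer->length'. */
static size_t bytes_needed(size_t len, size_t have)
{
    return have >= len ? 0 : len - have;
}

/* Third argument of recv() as written in the quoted on_io_read() call. */
static size_t recv_len_quoted(size_t pktlen, size_t have)
{
    return pktlen - have; /* unsigned: wraps around when have > pktlen */
}

/* Defensive variant (assumption: pktlen already means "bytes still
 * missing"): refuse any length that would run past the buffer. */
static int recv_len_checked(size_t pktlen, size_t have, size_t *out)
{
    if (have > BUF_CAP || pktlen > BUF_CAP - have)
        return -1;
    *out = pktlen;
    return 0;
}

int main(void)
{
    size_t have = 16;                       /* rr->buffer.length in the thread */
    size_t pktlen = bytes_needed(20, have); /* 20 is a constructed total; gives 4 */
    size_t n = 0;

    printf("quoted length:  %zu\n", recv_len_quoted(pktlen, have));
    if (recv_len_checked(pktlen, have, &n) == 0)
        printf("checked length: %zu\n", n);
    return 0;
}
```

A length check of this kind before recv() turns a wrapped size into an explicit error instead of a request to read far beyond the buffer.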



