SSL and pam_ldap

Niall Gallagher niall.gallagher at analog.com
Tue May 4 16:07:31 UTC 2004 

Hi All,

I am trying to use either SSL or TLS with the pam_ldap 167 on redhat
9.0. However, each time I attempt to connect using ldaps there is a
segmentation fault. I have searched the archives for a solution but I
found very little on this subject.

I am using the following command.

ldapsearch -d1 -H ldaps://limkdc1.ad.analog.com "cn=Gallagher\,
Niall,ou=Users,ou=LIMK-E,dc=ad,dc=analog,dc=com"

Which produces the output shown below. The ldapsearch will work if ldap
is used instead of ldaps which leads me to believe that the problem lies
with SSL certificates or somthing similar.

ldap_create
ldap_url_parse_ext(ldaps://limkdc1.ad.analog.com)
ldap_pvt_sasl_getmech
ldap_search
put_filter "(objectclass=*)"
put_filter: simple
put_simple_filter "objectclass=*"
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: limkdc1.ad.analog.com
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.32.51.110:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=limkdc1.ad.analog.com
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, subject:
/CN=limkdc1.ad.analog.com, issuer: /DC=com/DC=analog/DC=ad/CN=Analog
Enterprise Root CA
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
Segmentation fault


Any help would be appreciated, also if anyone has had success in using
MD5 for secure transmission between pam_ldap and Microsoft Active
Directory I would appreciate any tips.

Regards,
Niall

More information about the Pam-list mailing list