[38027] in Kerberos


Re: Segmentation fault when trying to start kadmind

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jul 19 20:54:39 2017

To: Joshua Schaeffer <jschaeffer0922@gmail.com>, kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <32a9b840-0136-a773-8ccb-1af6f922dccb@mit.edu>
Date: Wed, 19 Jul 2017 20:54:16 -0400
MIME-Version: 1.0
In-Reply-To: <54ed019d-b6b3-956f-8da3-93432a66f748@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On 07/19/2017 08:22 PM, Joshua Schaeffer wrote:
> * Do you know if ldap_kdc_dn needs read rights to the krbPrincipalKey
> attribute?

It does.  The KDC is the primary user of principal long-term keys; it
uses them to verify pre-authentication, encrypt KDC replies, and encrypt
service tickets.

> * Would you consider the segmentation fault a bug?

I filed a PR for the crash bug and it should be fixed in upcoming patch
releases.  This bug only occurs when the master key is manually entered
(no stash file) and the K/M entry has no key data (LDAP access error).
I'm still not sure why kdb5_ldap_util create -s didn't create a stash
file in your scenario.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
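
An added example, not part of the original message and not from the MIT krb5 project: OpenLDAP ACLs that give the DN configured as ldap_kdc_dn read access to krbPrincipalKey while denying it to every other bind identity. The bind DNs, the realm container DN and the database entry (olcDatabase={1}mdb) are assumed placeholders.

```ldif
# Added example. Every DN below is a placeholder assumption:
#   cn=kdc-service,dc=example,dc=com  stands for the DN set as ldap_kdc_dn
#   cn=adm-service,dc=example,dc=com  stands for the DN kadmind binds as
#   cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com  stands for the realm container
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
# Rule {0}: long-term keys. The KDC needs read access to verify
# pre-authentication and to encrypt replies and service tickets;
# kadmind needs write access to change keys. Nobody else may read them.
olcAccess: {0}to attrs=krbPrincipalKey
  by dn.exact="cn=kdc-service,dc=example,dc=com" read
  by dn.exact="cn=adm-service,dc=example,dc=com" write
  by * none
# Rule {1}: the rest of the realm subtree, which includes the K/M entry.
olcAccess: {1}to dn.subtree="cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com"
  by dn.exact="cn=kdc-service,dc=example,dc=com" read
  by dn.exact="cn=adm-service,dc=example,dc=com" write
  by * none
```

The explicit {0} and {1} indexes insert these rules ahead of the existing ACLs, so a broader rule later in the list cannot match first. A search of the K/M entry bound as the KDC DN should then return krbPrincipalKey.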
