[17052] in Kerberos-V5-bugs
[krbdev.mit.edu #9182] bug in kdb5_ldap_util
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Aug 27 01:15:50 2025
From: "Greg Hudson via RT" <rt@krbdev.mit.edu>
In-Reply-To: <CAFk47JiYykCQ11RapDWrbUy_AhGWNnhz9AoE=e+CCzMiDoRZZQ@mail.gmail.com>
Message-ID: <rt-4.4.3-2-726432-1756271744-1692.9182-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9182":;
Date: Wed, 27 Aug 2025 01:15:44 -0400
Reply-To: rt@krbdev.mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9182 >

The service stash file should contain:

    cn=kdc-srv,cn=krbContainer,dc=example,dc=local#{HEX}...
    cn=adm-srv,cn=krbContainer,dc=example,dc=local#{HEX}...

where the "..."s are the hex encoding of the supplied passwords. In what way
is the file malformed? libkdb5_util is able to read a password from it, or
you would see an error about reading the stash file instead of an error about
the LDAP server rejecting the credentials. If I run the given commands, the
resulting file does not seem amiss.

(As an aside, the -D and -w options to these kdb5_ldap_util invocations should
be unnecessary, as this subcommand does not need to authenticate to the LDAP
server.)
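
Added example, not part of the message above and not krb5 project code: a Python check of the stash-file line format the message describes (`<DN>#{HEX}<hex of password>`), reporting a malformed line or a stored password that differs from the expected one without printing any secret. The sample passwords, the function names and the control-character check are assumptions made for illustration.

```python
import hmac
import string

MARKER = "#{HEX}"
KDC_DN = "cn=kdc-srv,cn=krbContainer,dc=example,dc=local"
ADM_DN = "cn=adm-srv,cn=krbContainer,dc=example,dc=local"

# Constructed sample: the DNs come from the message, the passwords are made up.
# The second entry was stashed with a stray trailing newline.
SAMPLE_STASH = "\n".join([
    KDC_DN + MARKER + b"kdc-secret".hex(),
    ADM_DN + MARKER + b"adm-secret\n".hex(),
]) + "\n"


def parse_stash(text):
    """Return {dn: password_bytes}; raise ValueError on a malformed line."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        # Split on the last marker: the hex value itself cannot contain '#'.
        dn, marker, hexval = line.rpartition(MARKER)
        if not marker or not dn:
            raise ValueError(f"line {lineno}: expected <DN>{MARKER}<hex>")
        if not hexval or len(hexval) % 2 or set(hexval) - set(string.hexdigits):
            raise ValueError(f"line {lineno}: value is not an even-length hex string")
        entries[dn] = bytes.fromhex(hexval)
    return entries


def check_entry(entries, dn, expected):
    """Return findings for one service DN; an empty list means nothing amiss."""
    stored = entries.get(dn)
    if stored is None:
        return ["no entry for this DN"]
    findings = []
    if any(b < 0x20 or b == 0x7F for b in stored):
        findings.append("stored password contains control characters")
    # Constant-time comparison; the password is never echoed.
    if not hmac.compare_digest(stored, expected):
        findings.append("stored password differs from the expected one")
    return findings


if __name__ == "__main__":
    parsed = parse_stash(SAMPLE_STASH)
    for dn, pw in ((KDC_DN, b"kdc-secret"), (ADM_DN, b"adm-secret")):
        print(dn, check_entry(parsed, dn, pw) or "ok")
```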