[3311] in Kerberos
Problem with Krb5-beta3 on Linux - help!
daemon@ATHENA.MIT.EDU (uri@watson.ibm.com)
Fri May 20 14:37:23 1994
From: uri@watson.ibm.com
To: kerberos@MIT.EDU (Kerberos Mailing List)
Date: Fri, 20 May 1994 14:14:23 -0500 (EDT)
Reply-To: uri@watson.ibm.com
Hi,
I'm installing Krb5-beta3 on Linux-1.0.9 (with GCC-2.5.8
and LIBC-4.5.26). ISODE-8.0, and ISODE-7-truncated from
Kerberos distribution FTP server. Tried with both.
Basically, everything compiles and builds fine (except
for a few apps, but it will be dealt with later)...
But the darn thing doesn't run! (:-)
Seriously, here what's going on:
1. Comiled/built everything.
2. Added the proper lines to /etc/services
and /etc/inetd.conf.
3. Created krb database with
"kdb5_create -m <my password>"
4. Stashed the master password with
"kdb5_stash"
5. Added myself as a principal with
"kdb5_edit"
"ank uri"
6. Started testing:
/usr3/krb5-beta3/tests/create # ./kdb5_mkdums -p uri -n 2 -D 1
Added uri1-DEPTH-1 ...
Added uri2-DEPTH-1 ...
7.
/usr3/krb5-beta3/tests/verify # kdb5_verify -p uri -n 2 -D 1
uri1-DEPTH-1 ...
uri2-DEPTH-1 ...
Checking
No errors.
8. Here the first trouble comes.
/usr3/krb5-beta3/tests/hammer # ./kdc5_hammer -p uri -n 2 -D 1
Round 0
getting TGT for uri1-DEPTH-1
kdc5_hammer: Password has expired while getting initial credentials
getting TGT for uri2-DEPTH-1
kdc5_hammer: Password has expired while getting initial credentials
Tried 2. Got 2 errors.
9. OK, so I try to get a ticket explicitely with
clients/kinit/kinit uri
clients/klist/klist
Ticket cache: /tmp/krb5cc_0
Default principal: uri@WATSON.IBM.COM
Valid starting Expires Service principal
20-May-94 13:50:09 20-May-94 21:50:05 krbtgt/WATSON.IBM.COM@WATSON.IBM.COM
10. And now I try the "hammer" again, and Kerberos crashes:
/usr3/krb5-beta3/tests/hammer # ./kdc5_hammer -p uri -n 2 -D 1
Round 0
getting TGT for uri1-DEPTH-1
kdc5_hammer: Cannot contact any KDC for requested realm while getting initial credenti
als
getting TGT for uri2-DEPTH-1
kdc5_hammer: Cannot contact any KDC for requested realm while getting initial credenti
als
Tried 2. Got 2 errors.
Here's what I have in my syslog:
May 20 13:47:44 angmar krb5kdc[11510]: commencing operation
May 20 13:48:55 angmar krb5kdc[11510]: AS_REQ: CLIENT KEY EXPIRED: host 127.0.0.1, uri
1-DEPTH-1@WATSON.IBM.COM for krbtgt/WATSON.IBM.COM@WATSON.IBM.COM
May 20 13:48:55 angmar krb5kdc[11510]: AS_REQ: Password has expired while processing r
equest from uri1-DEPTH-1@WATSON.IBM.COM for krbtgt/WATSON.IBM.COM@WATSON.IBM.COM
May 20 13:48:56 angmar krb5kdc[11510]: AS_REQ: CLIENT KEY EXPIRED: host 127.0.0.1, uri
2-DEPTH-1@WATSON.IBM.COM for krbtgt/WATSON.IBM.COM@WATSON.IBM.COM
May 20 13:48:56 angmar krb5kdc[11510]: AS_REQ: Password has expired while processing r
equest from uri2-DEPTH-1@WATSON.IBM.COM for krbtgt/WATSON.IBM.COM@WATSON.IBM.COM
May 20 13:50:09 angmar krb5kdc[11510]: AS_REQ: ISSUE: authtime 769456209, host 127.0.0
.1, @_^F for @>^F
GDB shows, that Kerberos dies in "pr_type()" routine, called from
"dec_f()", which in term was called from "decode_KRB5_AS__REQ()".
Debugging shows, that it crashes at line 506 in "dec.c" in "src/pepsy" subdir
of MIT-provided ISODE-7. "p->pe_type" is OCTETSTRING (25), all other parameters
also look kosher to me... "*parm" is a non-zero ptr, pointing to an empty
string. "p->pe_ucode" == 0. "pe" seems to be OK:
rogram received signal SIGSEGV, Segmentation fault.
0x1bf6e in pr_type (expl=1, pe=0x703f0, parm=0x6bdd4, p=0x52100, mod=0x54850) at dec.c:506
(xxgdb) print *pe
$1 = {
pe_errno = 0,
pe_context = 0,
pe_class = 0 '\000',
pe_form = 0 '\000',
pe_id = 27,
pe_len = 6,
pe_ilen = 0,
pe_un1 = {
un_pe_prim = 0xbfffed87 "krbtgt\e\016WATSON.IBM.COM%\021\030\01719940521020624Z'\006\002\004-\| (\0050\003\002\001\001) 0\0360\r \003\002\001\002!\006\004\004\201\"\210K0\r \003\002\001\002!\006\004\004\201\"\210K",
un_pe_cons = 0xbfffed87
},
pe_un2 = {
un_pe_cardinal = 0,
un_pe_nbits = 0
},
pe_inline = 1,
pe_realbase = 0x0,
pe_offset = 0,
pe_next = 0x70060,
pe_refcnt = 0
}
(xxgdb) print *parm
$3 = 0x492e4e4f ""
(xxgdb) print p->pe_ucode
$4 = 0
Please help, if you can! Thanks!
--
Regards,
Uri uri@watson.ibm.com acheron!angmar!uri N2RIU
-----------
<Disclamer>
