[36376] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

kadmin crash with PKCS11

daemon@ATHENA.MIT.EDU (jarek)
Thu Aug 14 10:00:47 2014

Message-ID: <1408005481.4129.32.camel@jlap3.macro.local>
From: jarek <jarek@poczta.srv.pl>
To: kerberos@mit.edu
Date: Thu, 14 Aug 2014 10:38:01 +0200
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hello!

I'm trying to implement periodic keytab renewing with k5srvutil.
It works fine on servers, but crashes on workstations with smart card
authorization. I'm almost sure that the problem is with buggy pkcs11
lib, but I don't understand, why kadmin tries to access smart card when
it should use keytab only:

~ # kadmin -k -t /etc/krb5.keytab -p host/host01.domain@DOMAIN
Authenticating as principal host/host01.domain@DOMAIN with
keytab /etc/krb5.keytab.
Segmentation fault

If I comment out:

#pkinit_identities = PKCS11:/usr/lib/x64-athena/libASEP11.so

it works fine. 

Is there any way, to supply alternative krb5.conf to kadmin/k5srvutil ?

best regards
Jarek

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[36376] in Kerberos

kadmin crash with PKCS11

daemon@ATHENA.MIT.EDU (jarek)Thu Aug 14 10:00:47 2014

daemon@ATHENA.MIT.EDU (jarek)
Thu Aug 14 10:00:47 2014