[11694] in Kerberos-V5-bugs
[krbdev.mit.edu #6777] Segmentation fault in krb library (sn2princ.c)
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Sep 15 15:25:19 2010
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6777@krbdev.mit.edu>
Message-ID: <rt-6777-33159.7.9753922781552@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6777'":;"'AdminCc of krbdev.mit.edu Ticket #6777'":;@MIT.EDU
Date: Wed, 15 Sep 2010 15:25:13 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
[Richard.Krier@globalfoundries.com - Wed Sep 15 14:20:35 2010]:
> 2. As for krb5_build_principal(), seems the code is set up to return
> null ret_princ if the input realm is missing,
> think it is working as designed.
There is no code like that in our tree. krb5_build_principal() should
be able to build a principal with an empty realm. If
krb5_build_principal() is failing with an empty realm, we will not
understand your issue until you investigate why.
> 3. I think the root of our problem is related to building the code in
> 64-bit mode; krb5_get_host_realm() behaves
> differently in 32-bit and 64-bit mode in the case where the realm
> cannot be resolved from the host name:
> a. In 32-bit mode, it properly returns the default_realm value
> specified value specified in [libdefaults] stanza.
> b. In 64-bit mode, it only returns the zero-length string
The behavior of krb5_get_host_realm() changed in krb5 1.6. The new
design is that it will return an empty realm if there is no explicit
krb5.conf configuration mapping the domain to a realm. This is a cue to
krb5_get_credentials that it should try KDC referrals against the local
realm. If that doesn't work, krb5_get_credentials will invoke
krb5_get_fallback_host_realm() to perform DNS-based or heuristic methods
to determine the realm name, eventually falling back to the default
realm.
If you are seeing different behavior from krb5_get_host_realm() on 32-
bit and 64-bit, then it is probably because you are getting different
versions of the krb5 libraries for some reason.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
