[3119] in Kerberos-V5-bugs

krb5-kdc/758: kadmind changepw bug: core dumps

daemon@ATHENA.MIT.EDU (cthallen@binghamton.edu)
Tue Sep 28 17:14:06 1999

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, admins@mail.binghamton.edu
Message-Id: <199909282113.RAA13977@jake2.cc.binghamton.edu.binghamton.edu>
Date: Tue, 28 Sep 1999 17:13:50 -0400
From: cthallen@binghamton.edu
Reply-To: admins@mail.binghamton.edu
To: krb5-bugs@MIT.EDU
Cc: mcronk@binghamton.edu, cthallen@binghamton.edu


>Number:         758
>Category:       krb5-kdc
>Synopsis:       kadmind core dumps after several password changes by admin user
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Tue Sep 28 17:14:01 EDT 1999
>Last-Modified:
>Originator:     Chris Hallenbeck
>Organization:
Binghamton University
	
>Release:        krb5-current-19990927
>Environment:
	
	
System: SunOS jake2.cc.binghamton.edu 5.6 Generic_105181-05 sun4m sparc SUNW,SPARCstation-5
Architecture: sun4

>Description:
	We run krb5kdc, kadmind, and krb524d on Solaris 2.6 machines.  The "production"
version is "krb5-current-19990712", and was compiled using gcc 2.8.1 on a Sun SPARC5.  THIS
release (09/27/99) was compiled on a similar machine running Solaris 2.6 using SunProC. 

        In BOTH versions, kadmind coredumps after several password changes.  I have only been
able to verify this problem in situations where the password changes are being done as a part
of a script run by an admin user.  
ex:
  kadmin -c $KRB5CCNAME -q "cpw -pw $password $principal"

        It only seems to take about a dozen such requests before the daemon dies.  I have not yet
had a chance to test to see how long it takes for a "regular" user running 'kpasswd' to cause this
type of coredump -- or if it happens at all!

>How-To-Repeat:
	In "helpdesk" account's '.profile' (under ksh):
-----
KRB5CCNAME=/tmp/krb5cc_helpdesk
export PATH KRB5CCNAME
trap kdestroy 0 1 2 3 5 15
kinit -S kadmin/admin -k -t acct.keytab helpdesk/admin
----------END .profile-----------

In 'kpass script' :
-----
#!/usr/local/bin/expect --

[snip]
spawn kadmin -c $KRB5CCNAME -q "cpw -pw $password $principal"
expect {
	timeout {
[snip]
------------END 'kpass' script--------


     Our Helpdesk often runs this program up to 100 times a day (especially at the beginning of
the semester).  Since usage has dropped considerably -- no more than 15 times/day -- we have
had FAR fewer coredumps of kadmind.


>Fix:
	No known work-around short of restarting the daemon when you detect that it has died. :-P

We'll be more than glad to send you a few of the cores if you actually want them. ;-)


Separate, but similar issue:  in <path to src>/src/lib/krb5/os/changepw.c  there was a problem with 
a #ifdef on or about line 86 of the 09/27/99 version (ifdef KRB5_DNS_LOOKUP).  If that is NOT
defined you get an "undefined symbol: i" error, because the declaration "int i" is inside that #ifdef.

    Again, that COMPILATION error was received under Solaris 2.6 using SunProC (/opt/SUNWspro/bin/cc).


Best regards,

Chris Hallenbeck
>Audit-Trail:
>Unformatted:
