[3283] in Kerberos-V5-bugs
pending/1028: Bug with Kerberos 1.2.2 for 64 bit HPUX 11 !?
daemon@ATHENA.MIT.EDU (Jin Zhou)
Mon Dec 17 23:20:04 2001
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: gnats-admin@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, Jin Zhou <jinz@gene.COM>
Message-Id: <3C1EBF7E.A9C0A89B@gene.com>
Date: Mon, 17 Dec 2001 20:01:02 -0800
From: Jin Zhou <jinz@gene.COM>
To: kerberos@mit.edu, krb5-bugs@mit.edu
>Number: 1028
>Category: pending
>Synopsis: Bug with Kerberos 1.2.2 for 64 bit HPUX 11 !?
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Dec 17 23:20:00 EST 2001
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Hi:
I compiled Kerberos 1.2.2 on HPUX 11.00 with "+DD64" flag passed to
cc compiler, which means all
the binaries will be in 64 bit format.
Everything so far works fine except for /usr/local/sbin/kadmin. Here
is what happens when I run kadmin
trying to connect to a kadmind & krb5kdc running on another Unix box:
%
% /usr/local/sbin/kadmin
Authenticating as principal user1/admin@TEST.COM with password.
Enter password:
kadmin: GSS-API (or Kerberos) error while initializing kadmin
interface
%
In KDC's /var/log/kadmin.log file, I can see that (xxx is the
machine's IP address):
kadmind[4342](Notice): Authentication attempt failed: xxx.xxx.xxx.xxx,
GSS-API error strings are:
kadmind[4342](Notice): A token was invalid
kadmind[4342](Notice): Token header is malformed or corrupt
kadmind[4342](Notice): GSS-API error strings complet
I did some troubleshootings, finally the problem being traced back
to system call "clnt_call()" around line #287 in
./Kerberos/src/lib/rpc/auth_gssapi.c where "call_res" gets its value by
calling "clnt_call()". The program exit around line #329 when the value
of "call_res.gss_major" is checked and found invalid.
The interesting part is that I'm not sure whether this is a bug in
HPUX 11 64 bit RPC library or a bug with Kerberos 122. Because
clnt_call() actually returns "RPC_SUCCESS" as exit code, but yet gets
invalid value for "call_res.gss_major".
Can somebody who runs 64 bit Kerberos on HPUX 11 test whether kadmin
works or not ? My KDC has no problem, because we can run kadmin from
other (SGI, SUN, HPUX10.20) Kerberos systems without any problem.
If this is a bug, then just treat my message a bug report.
Thanks
Jin
-----------------------------------
