[16654] in Kerberos_V5_Development
DNS server hangs in/after gss_indicate_mechs call on Windows with
daemon@ATHENA.MIT.EDU (Elzey, Blaine A (Blaine))
Thu Feb 24 16:09:04 2011
From: "Elzey, Blaine A (Blaine)" <blaine.elzey@alcatel-lucent.com>
To: "'krbdev@mit.edu'" <krbdev@mit.edu>
Date: Thu, 24 Feb 2011 15:08:29 -0600
Message-ID: <0DEE3BCEE44BFD4EBC3B7DC009C8E7922507090641@USNAVSXCHMBSA3.ndc.alcatel-lucent.com>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
I am running DNS on Windows 2008, my KDC is Windows 2003 SP2. On the DNS server machine I see the krb5.ini is read, but the specified default_keytab_name file is never opened. I have tried many variations for the syntax of the default_keytab_name value to no avail. I have also tried variation of different libdefaults values with no luck. The DNS server does not answer any queries about 2 seconds after starting. The last action the process monitor sees is the successful IRP_MJ_CLEANUP operation for the krb5.ini file (after successful open and read.) I do see context swithes climb slowly for the process, but nothing else (no CPU or IO). The stack:
ntiskrnl.exe!KeWaitForMultipleObjects
ntiskrnl.exe!PsGetCurrentThreadTeb
ntiskrnl.exe!NtOpenProcessToken
ntiskrnl.exe!KiDeliverApc
ntiskrnl.exe!KiFastSystemCallRet
ntoskrnl.exe!WaitForSingleObject
gssapi32.dll!gss_indicate_mechs
gssapi32.dll!gss_indicate_mechs
gssapi32.dll!gss_indicate_mechs
gssapi32.dll!gss_init_sec_context
gssapi32.dll!gss_add_cred
gssapi32.dll!gss_acquire_cred
libdns_qddns.dll!dst_gssapi_acquirecred
name.exe!ns_tkeyctx_fromconfig
...
Krb5.ini:
[libdefaults]
default_realm = LABW2K3.COM
default_keytab_name = C:/Files/dev/krb5.keytab
# the following two must be on des-cbc-crc for MIT kerberos
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = des-cbc-md5
dns_lookup_kdc = false
dns_lookup_realm = false
rdns = false
allow_weak_crypto = true
[realms]
LABW2K3.COM = {
kdc = 10.54.0.42:88
default_domain = test.com
}
[domain_realm]
.test.com = LABW2K3.COM
test.com = LABW2K3.COM
.labw2k3.com = LABW2K3.COM
labw2k3.com = LABW2K3.COM
[logging]
# kdc = FILE:C:/Files/dev/krb5kdc.log
# admin_server = FILE:C:/Files/dev/kadmin.log
# default = FILE:C:/Files/dev/krb5lib.log
kdc = STDERR
admin_server = STDERR
default = STDERR
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
