kadmin crash with PKCS11

Greg Hudson ghudson at MIT.EDU
Thu Aug 14 10:54:56 EDT 2014


On 08/14/2014 04:38 AM, jarek wrote:
> I'm almost sure that the problem is with a buggy pkcs11
> lib, but I don't understand why kadmin tries to access the smart card when
> it should use the keytab only:

My initial reading of the code is that it should only invoke the PKCS11
module when it is actually doing PKINIT, so I'm not sure either.  We can
get some additional information in two ways:

1. Set the environment variable KRB5_TRACE to a filename or to
/dev/stdout, e.g.:

    env KRB5_TRACE=/dev/stdout kadmin -k -t ...

and look for relevant trace logs.

2. Get a gdb back trace for the crash:

    gdb --args kadmin -k -t ...
    run
    back

This works best when using a build from source with CFLAGS=-g, but
sometimes one can get useful information out of a backtrace from a
regular OS binary as well.

It may also be helpful to know what version of MIT krb5 and what
operating system you're using.

> Is there any way to supply an alternative krb5.conf to kadmin/k5srvutil?

Yes:

    env KRB5_CONFIG=/path/to/config kadmin -k -t ...


