KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2 (fwd)
Milton Turley
mturley at lanl.gov
Tue Apr 26 13:40:23 EDT 2005
I have done some research on this problem. The host resolve code does not
complete successfully. I have traced the error to the routine at
/kerberos/mit/krb5-1.4/src/lib/krb5/os/dnsglue.c. In the routine a call
is made to res_ninit to provide dns information for the kdc. res_ninit
updates the structure at statbuf but overlays memory 72 bytes past the
structure boundary.
I have opened a problem with IBM on res_ninit. The problem is not yet
resolved but IBM suggested using a malloc for the structure instead of
static storage. I am trying to get IBM to correct the error in
res_ninit. No resoultion yet.
>Delivery-Date: Thu, 21 Apr 2005 12:15:05 -0600
>Return-Path: <owner-kerberos at lanl.gov>
>X-Original-To: hgm at localhost.localdomain
>Delivered-To: hgm at localhost.localdomain
>Received: from localhost (localhost.localdomain [127.0.0.1])
> by moki.lanl.gov (Postfix) with ESMTP id 15AAB68739
> for <hgm at localhost.localdomain>; Thu, 21 Apr 2005 12:15:05 -0600
> (MDT)
>Received: from ccn-mail.lanl.gov [128.165.4.105]
> by localhost with POP3 (fetchmail-6.2.5)
> for hgm at localhost.localdomain (single-drop); Thu, 21 Apr 2005
> 12:15:05 -0600
>(MDT)
>Received: from ccn-mail.lanl.gov ([unix socket])
> by ccn-mail.lanl.gov (Cyrus v2.2.3-Red Hat 2.2.3-6.lanl) with
> LMTP; Thu, 21
>Apr 2005 12:11:13 -0600
>X-Sieve: CMU Sieve 2.2
>Received: from mailrelay3.lanl.gov (mailrelay3.lanl.gov [128.165.4.104])
> by ccn-mail.lanl.gov (8.12.11/8.12.11/(ccn-5)) with ESMTP id
> j3LIBCsV025918;
> Thu, 21 Apr 2005 12:11:12 -0600
>Received: from maillist.lanl.gov (maillist.lanl.gov [128.165.4.102])
> by mailrelay3.lanl.gov (8.12.11/8.12.11/(ccn-5)) with ESMTP id
> j3LIBAs0016960;
> Thu, 21 Apr 2005 12:11:10 -0600
>Received: from maillist.lanl.gov (localhost.localdomain [127.0.0.1])
> by maillist.lanl.gov (8.12.10/8.12.10/(cic-5)) with ESMTP id
> j3LIB9Sb000989
> for <kerberos-outgoing at maillist.lanl.gov>; Thu, 21 Apr 2005
> 12:11:09 -0600
>Received: (from majordom at localhost)
> by maillist.lanl.gov (8.12.10/8.12.10/Submit) id j3LIB9pK000987
> for kerberos-outgoing; Thu, 21 Apr 2005 12:11:09 -0600
>X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
>Content-Class: urn:content-classes:message
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="us-ascii"
>Date: Thu, 21 Apr 2005 12:59:45 -0500
>Message-ID:
><5C066E580F0244458087CC59AC4F74E35EAF57 at srvexcharl02.acf.americredi
>t.com>
>X-MS-Has-Attach:
>X-MS-TNEF-Correlator:
>Thread-Topic: KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2
>Thread-Index: AcVGm+mkkQoYbVYbTFiUpF9ELGIaOQ==
>From: <Lamar.Saxon at americredit.com>
>To: <kerberos at mit.edu>
>X-OriginalArrivalTime: 21 Apr 2005 17:59:46.0728 (UTC)
> FILETIME=[E7792A80:01C5469B]
>X-Spam-Score: -4.74
>X-Spam-Flag: NO
>X-Scanned-By: MIMEDefang 2.42
>Content-Transfer-Encoding: 8bit
>X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id
> j3LI00h7005195
>Subject: KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2
>X-BeenThere: kerberos at mit.edu
>X-Mailman-Version: 2.1
>List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
>List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
> <mailto:kerberos-request at mit.edu?subject=unsubscribe>
>List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
>List-Post: <mailto:kerberos at mit.edu>
>List-Help: <mailto:kerberos-request at mit.edu?subject=help>
>List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
> <mailto:kerberos-request at mit.edu?subject=subscribe>
>X-Proofpoint-Spam: 0
>X-Perlmx-Spam: Gauge=XXIIIIIIIII, Probability=29%, Report="EXCUSE_16,
>NO_REAL_NAME, SPAM_PHRASE_03_05, SUPERLONG_LINE, __EVITE_CTYPE, __HAS_MIMEOLE"
>X-PMX-Version: 4.7.1.128075
>Sender: owner-kerberos at lanl.gov
>Precedence: bulk
>
>
>I was hoping someone might be able to help me fix an issue I have
>encountered.
>
>I tested KRB5 1.3.6 on AIX 5.2 using C for AIX and the installed make.
>Created a krb5.conf and krb5.keytab to talk to a Windows 2k AD Domain
>Controller. Had no issues, connected and received tickets fine.
>
>I recently installed KRB5 1.4 on the same machine after removing the
>1.3.6 footprint. I encountered an issue seen by others with the error:
>
>"Syntax error at line 1 : `(' is not matched"
>
>when using AIX's make; but it seems to work fine using GNU Make.
>
>After compiling and doing a make install, I consistently receive the
>following message when using kinit while using the same keytab and
>configuration as 1.3.6:
>
>"Cannot resolve network address for KDC in requested realm while getting
>initial credentials"
>
>Is there a significant change to krb5.conf between 1.3.6 and 1.4 ? The
>binaries seem to work fine; but it does not look like it is even looking
>at the krb5.conf file. I can change the name or move it and the message
>stays the same. I have tried disabling DNS for realm and kdc; put
>master_kdc in the entries; but still does not even act like it is
>looking at this file.
>
>Any help is greatly appreciated.
>
>Lamar Saxon Lamar.Saxon at americredit.com
>Lead Server Engineer 817-525-7122
>
>//AmeriCredit
>4001 Embarcadero
>Arlington ,TX 76014
>
>Privileged and Confidential. This e-mail, and any attachments there to, is
>intended only for use by the addressee(s) named herein and may contain
>privileged or confidential information. If you have received this e-mail in
>error, please notify me immediately by a return e-mail and delete this
>e-mail.
> You are hereby notified that any dissemination, distribution or copying of
>this e-mail and/or any attachments thereto, is strictly prohibited.
>
>________________________________________________
>Kerberos mailing list Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
>------- End of Forwarded Message
>
>
>--
>
>
>Harry
>
>Internet e-mail: hgm at lanl.gov (Harry G. McGavran, Jr.)
>Los Alamos National Laboratory, Los Alamos, New Mexico 87545
>Phone: 505/667-4050
More information about the Kerberos
mailing list