Using Smartcard with PK-INIT does not respond

Loren M. Lang lorenl at
Wed Mar 4 19:23:22 EST 2009

On Wed, 2009-03-04 at 12:11 -0600, John Hascall wrote:
> > > Mar 04 07:04:13 server krb5kdc[18148](info): AS_REQ (7 etypes {18 17 16
> > > 23 1 3 2}) KDC_RETURN_PADATA: user at EXAMPLE.COM for
> > > krbtgt/EXAMPLE.COM at EXAMPLE.COM, Cannot allocate memory
> > > There is no memory crunch on the server.
> > After a quick glance at the code, I don't see where ENOMEM is returned
> > in cases where it wasn't an allocation error.  If you have output from
> > -DDEBUG, that might give us a clue of the problem.
> Typically I find this happens where something has previously gone 
> amiss and "malloc" gets passed some absurd number.

The server and client are two different machines.  I only modified the
client machine's and, yes, I did rename the old to in the same directory.  Moving the original
completely out of lib as Douglas suggested did not fix it.  I ran strace
-okdc.trace krb5kdc -n on the server.  Looking through the trace logs
from the accept() of the preauth connection to write() I see nothing
suspicious and no ENOMEM errors.  I see a bunch of read()s of my AS-REQ,
various access to principal* and a read() from /dev/urandom.  Nothing
between accept() and the write() of the error message even returns a
negative number.

> John
> ________________________________________________
> Kerberos mailing list           Kerberos at
Loren M. Lang
lorenl at

Public Key:
Fingerprint: 10A0 7AE2 DAF5 4780 888A  3FA4 DCEE BB39 7654 DE5B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7539 bytes
Desc: not available
Url :

More information about the Kerberos mailing list