Using Smartcard with PK-INIT does not respond
Loren M. Lang
lorenl at alzatex.com
Wed Mar 4 19:23:22 EST 2009
On Wed, 2009-03-04 at 12:11 -0600, John Hascall wrote:
>
> > > Mar 04 07:04:13 server krb5kdc[18148](info): AS_REQ (7 etypes {18 17 16
> > > 23 1 3 2}) 192.168.1.237: KDC_RETURN_PADATA: user at EXAMPLE.COM for
> > > krbtgt/EXAMPLE.COM at EXAMPLE.COM, Cannot allocate memory
>
> > > There is no memory crunch on the server.
>
> > After a quick glance at the code, I don't see where ENOMEM is returned
> > in cases where it wasn't an allocation error. If you have output from
> > -DDEBUG, that might give us a clue of the problem.
>
> Typically I find this happens where something has previously gone
> amiss and "malloc" gets passed some absurd number.
The server and client are two different machines. I only modified the
client machine's pkinit.so and, yes, I did rename the old pkinit.so to
pkinit2.so in the same directory. Moving the original pkinit.so
completely out of lib as Douglas suggested did not fix it. I ran strace
-okdc.trace krb5kdc -n on the server. Looking through the trace logs
from the accept() of the preauth connection to write() I see nothing
suspicious and no ENOMEM errors. I see a bunch of read()s of my AS-REQ,
various access to principal* and a read() from /dev/urandom. Nothing
between accept() and the write() of the error message even returns a
negative number.
>
> John
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Loren M. Lang
lorenl at alzatex.com
http://www.alzatex.com/
Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: 10A0 7AE2 DAF5 4780 888A 3FA4 DCEE BB39 7654 DE5B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7539 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20090304/905dd246/attachment.bin
More information about the Kerberos
mailing list