MIT Kerberos kadm5_hook plugins calling kadmin functions
Greg Hudson
ghudson at MIT.EDU
Tue Dec 10 00:12:43 EST 2013
On 12/09/2013 11:26 PM, Russ Allbery wrote:
> This works fine on Heimdal, but with MIT Kerberos 1.10.1 in Debian stable
> it appears to corrupt the state of the db2 plugin.
I can see how problems would result; kadm5_destroy() calls
krb5_db_fini() on the context. kadmind seg faulting is probably a bug,
but the KRB5_KDB_DBNOTINITED error is kind of expected. We wouldn't
have this problem if DB handles were independent of krb5 contexts, but
that isn't our current design.
I think your code should work if you create a new context with
kadm5_init_krb5_context() instead of using the one passed in through the
plugin interface. You should be able to safely use the passed-in
context for krb5_db operations, but not to create a kadm5srv handle.
More information about the Kerberos
mailing list