krb5 with anonymous kinit, "Cannot allocate memory"
Benjamin Kaduk
kaduk at MIT.EDU
Fri Oct 11 21:45:54 EDT 2013
There are certainly some places in the pkinit code where the return value
is initialized to ENOMEM which can get returned for failures other than
memory allocation. It's hard to venture a guess as to which one(s) you
are running into, though.

Do you have a sense for how reproducible the problem is? (E.g., on a
single client/machine level, all requests, somewhere in between.) If it
is reproducible, a captured packet could in principle be replayed against
a debugging KDC and the execution stepped through to find where the error
is returned.

One coarse-grained factor is whether you are using the openssl or NSS
backend for pkinit.

-Ben Kaduk
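
Added example, not part of the original message and not taken from the krb5 source: a constructed C illustration of the error-handling pattern the message describes, where a return value preset to ENOMEM is reported for a failure that has nothing to do with allocation, next to a variant that sets a code at each failure site. The names decode_blob, process_masked and process_distinct are hypothetical.

```c
/* Constructed illustration; not code from the krb5 tree. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical non-allocating step (e.g. decoding received data):
 * returns 0 on success, -1 on malformed input. */
static int decode_blob(const unsigned char *in, size_t len)
{
    return (len >= 2 && in[0] == 0x30) ? 0 : -1;
}

/* Pattern from the message: retval starts as ENOMEM and every
 * failure path jumps to cleanup without updating it. */
int process_masked(const unsigned char *in, size_t len)
{
    int retval = ENOMEM;
    unsigned char *copy = malloc(len ? len : 1);

    if (copy == NULL)
        goto cleanup;               /* genuine allocation failure */
    if (len)
        memcpy(copy, in, len);
    if (decode_blob(copy, len) != 0)
        goto cleanup;               /* decode failure, still ENOMEM */
    retval = 0;
cleanup:
    free(copy);
    return retval;
}

/* Same flow, but each failure site sets its own code, so the caller
 * can tell a malformed input from memory exhaustion. */
int process_distinct(const unsigned char *in, size_t len)
{
    int retval = 0;
    unsigned char *copy = malloc(len ? len : 1);

    if (copy == NULL)
        return ENOMEM;
    if (len)
        memcpy(copy, in, len);
    if (decode_blob(copy, len) != 0)
        retval = EINVAL;            /* reported as a decode error */
    free(copy);
    return retval;
}
```

With the first form, a caller that formats the code with strerror() shows an out-of-memory message for what was a decode failure, which is why stepping through the failing request in a debugger is needed to find the real return site.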