kadmin crash with PKCS11
jarek
jarek at poczta.srv.pl
Thu Aug 14 04:38:01 EDT 2014
Hello!
I'm trying to implement periodic keytab renewing with k5srvutil.
It works fine on servers, but crashes on workstations with smart card
authorization. I'm almost sure that the problem is with buggy pkcs11
lib, but I don't understand, why kadmin tries to access smart card when
it should use keytab only:
~ # kadmin -k -t /etc/krb5.keytab -p host/host01.domain at DOMAIN
Authenticating as principal host/host01.domain at DOMAIN with
keytab /etc/krb5.keytab.
Segmentation fault
If I comment out:
#pkinit_identities = PKCS11:/usr/lib/x64-athena/libASEP11.so
it works fine.
Is there any way, to supply alternative krb5.conf to kadmin/k5srvutil ?
best regards
Jarek
More information about the Kerberos
mailing list