Bugs in 1.14.3 krb5kdc on startup
David Shrimpton
d.shrimpton at its.uq.edu.au
Wed Jul 27 04:22:23 EDT 2016
Hi,
While testing a newly compiled 1.14.3 I found a few confusing things
in logs that look like small bugs in net-server.c code.
Note: the kdc.conf has kdc_tcp_ports = ""
to disable tcp .
On startup krb5kdc logs:
Jul 27 16:12:38 myhostname krb5kdc[26223](info): setting up network...
Jul 27 16:12:38 myhostname krb5kdc[26223](info): listening on fd 7: udp 0.0.0.0.88 (pktinfo)
krb5kdc: Address family not supported by protocol - Cannot create TCP server socket on ::.88
Jul 27 16:12:38 myhostname krb5kdc[26223](info): set up 1 sockets
Jul 27 16:12:38 myhostname krb5kdc[26226](info): commencing operation
strace shows a call to socket to match the "::.88" log entry:
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = -1 EAFNOSUPPORT (Address family not supported by protocol)
write(3, "krb5kdc: Address family not supp"..., 93) = 93
I think this may be showing some small bugs in lib/apputils/net-server.c.
1. The log message should show UDP not TCP as a UDP socket is being attempted
to be created. The code logs TCP always regardless of whether UDP or TCP
socket is being created. This is confusing in the situation above where
tcp has been disabled in kdc.conf.
2. There is no time and date on the "krb5kdc: Address family not supported ..."
log line
strace shows:
write(3, "krb5kdc: Address family not supp"..., 93)
v earlier log entry
write(3, "Jul 27 16:11:31
I think this is intended to be a separate log line and not part of the previous line
and should have time and date and hostname.
3. krb5kdc is automatically attempting to create an ipv6 socket
but there are no ipv6 interfaces on this host to bind to this socket
if it were created. This is a bit confusing and leads to the misleading
error message above always on startup on this host when there should be
no error message at all.
--
David Shrimpton
Information Technology Services | The University of Queensland
More information about the Kerberos
mailing list