Segmentation fault when trying to start kadmind

Greg Hudson ghudson at
Wed Jul 19 20:54:16 EDT 2017

On 07/19/2017 08:22 PM, Joshua Schaeffer wrote:
> * Do you know if ldap_kdc_dn needs read rights to the krbPrincipalKey
> attribute?

It does.  The KDC is the primary user of principal long-term keys; it
uses them to verify pre-authentication, encrypt KDC replies, and encrypt
service tickets.

> * Would you consider the segmentation fault a bug?

I filed a PR for the crash bug and it should be fixed in upcoming patch
releases.  This bug only occurs when the master key is manually entered
(no stash file) and the K/M entry has no key data (LDAP access error).
I'm still not sure why kdb5_ldap_util create -s didn't create a stash
file in your scenario.

More information about the Kerberos mailing list