Segmentation fault when trying to start kadmind
Greg Hudson
ghudson at mit.edu
Wed Jul 19 20:54:16 EDT 2017
On 07/19/2017 08:22 PM, Joshua Schaeffer wrote:
> * Do you know if ldap_kdc_dn needs read rights to the krbPrincipalKey
> attribute?
It does. The KDC is the primary user of principal long-term keys; it
uses them to verify pre-authentication, encrypt KDC replies, and encrypt
service tickets.
> * Would you consider the segmentation fault a bug?
I filed a PR for the crash bug and it should be fixed in upcoming patch
releases. This bug only occurs when the master key is manually entered
(no stash file) and the K/M entry has no key data (LDAP access error).
I'm still not sure why kdb5_ldap_util create -s didn't create a stash
file in your scenario.
More information about the Kerberos
mailing list