Segmentation fault when trying to start kadmind
Joshua Schaeffer
jschaeffer0922 at gmail.com
Thu Jul 20 10:54:43 EDT 2017
On 07/19/2017 06:54 PM, Greg Hudson wrote:
> On 07/19/2017 08:22 PM, Joshua Schaeffer wrote:
>> * Do you know if ldap_kdc_dn needs read rights to the krbPrincipalKey
>> attribute?
> It does. The KDC is the primary user of principal long-term keys; it
> uses them to verify pre-authentication, encrypt KDC replies, and encrypt
> service tickets.
Okay, good to know. I will leave that account as is.
>
>> * Would you consider the segmentation fault a bug?
> I filed a PR for the crash bug and it should be fixed in upcoming patch
> releases. This bug only occurs when the master key is manually entered
> (no stash file) and the K/M entry has no key data (LDAP access error).
> I'm still not sure why kdb5_ldap_util create -s didn't create a stash
> file in your scenario.
Yes, I am unsure about this too. If I had to guess it was just a combination of running through my steps multiple times which created some weird environment situation. Or, more likely, it was just an EBKAC error :)
Thanks again for all your help.
Joshua Schaeffer
More information about the Kerberos
mailing list