Segmentation fault when trying to start kadmind

Joshua Schaeffer jschaeffer0922 at gmail.com
Thu Jul 20 10:54:43 EDT 2017


On 07/19/2017 06:54 PM, Greg Hudson wrote:
> On 07/19/2017 08:22 PM, Joshua Schaeffer wrote:
>> * Do you know if ldap_kdc_dn needs read rights to the krbPrincipalKey
>> attribute?
> It does.  The KDC is the primary user of principal long-term keys; it
> uses them to verify pre-authentication, encrypt KDC replies, and encrypt
> service tickets.

Okay, good to know. I will leave that account as is.

>
>> * Would you consider the segmentation fault a bug?
> I filed a PR for the crash bug and it should be fixed in upcoming patch
> releases.  This bug only occurs when the master key is manually entered
> (no stash file) and the K/M entry has no key data (LDAP access error).
> I'm still not sure why kdb5_ldap_util create -s didn't create a stash
> file in your scenario.
Yes, I am unsure about this too. If I had to guess it was just a combination of running through my steps multiple times which created some weird environment situation. Or, more likely, it was just an EBKAC error :)

Thanks again for all your help.
Joshua Schaeffer


More information about the Kerberos mailing list