[krbdev.mit.edu #5849] KDC -with-kdc-kdb-update
ryan.lange@L-3com.com via RT
rt-comment at krbdev.mit.edu
Wed Dec 5 20:08:42 EST 2007
Kerberos Team,
I've been using Kerberos for about 6 months now and have a handle on the
parts I am interested in. I appreciate all of your hard work. I've
played with some parts of the code to understand how things work. I
have found a definite bug that exists in at least krb5-1.6 and the
current release krb5-1.6.3. My configuration settings are below. The
problem exists within the Pre-Authentication section of the KDC.
Specifically in do_as_req.c. The section of code that is just below the
comment "ptooey. We want krb5_db_sync() or something like that." does
not compile because a couple of these functions no longer exist.
Example: cd to krb5-1.6.3/src and perform the grep commands listed
below.
configure -without-krb4 -with-ldap -with-kdc-kdb-update
make
Make fails on the KDC.
grep krb5_db_set_name -r *
grep krb5_db_init -r *
There is a prototype for init, but no function exists and set_name is
clearly not there at all.
FYI: I am using an Intel Linux machine to host the KDC and using OS X
10.4.10 as a client. On another note: I am not sure why, but the code
within do_as_req.c gets executed twice under my setup when an incorrect
password is entered on the client. I suspect a problem within OS X
since using an incorrect password within kinit only executes the code
once.
Thanks for your time,
Ryan Lange
Sr. Software Eng.
L-3 Communications IS
More information about the krb5-bugs
mailing list