[krbdev.mit.edu #6777] Segmentation fault in krb library (sn2princ.c) if realm not resolved

Greg Hudson via RT rt-comment at krbdev.mit.edu
Wed Sep 15 15:25:13 EDT 2010


[Richard.Krier at globalfoundries.com - Wed Sep 15 14:20:35 2010]:
> 2. As for krb5_build_principal(), seems the code is set up to return
>    null ret_princ if the input realm is missing,
>    think it is working as designed.

There is no code like that in our tree.  krb5_build_principal() should 
be able to build a principal with an empty realm.  If 
krb5_build_principal() is failing with an empty realm, we will not 
understand your issue until you investigate why.

> 3. I think the root of our problem is related to building the code in
>    64-bit mode; krb5_get_host_realm() behaves
>    differently in 32-bit and 64-bit mode in the case where the realm
>    cannot be resolved from the host name:
> 	a. In 32-bit mode, it properly returns the default_realm value
>    specified in [libdefaults] stanza.
> 	b. In 64-bit mode, it only returns the zero-length string

The behavior of krb5_get_host_realm() changed in krb5 1.6.  The new 
design is that it will return an empty realm if there is no explicit 
krb5.conf configuration mapping the domain to a realm.  This is a cue to 
krb5_get_credentials that it should try KDC referrals against the local 
realm.  If that doesn't work, krb5_get_credentials will invoke 
krb5_get_fallback_host_realm() to perform DNS-based or heuristic methods 
to determine the realm name, eventually falling back to the default 
realm.

If you are seeing different behavior from krb5_get_host_realm() on 32-bit 
and 64-bit, then it is probably because you are getting different 
versions of the krb5 libraries for some reason.
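Added example, not part of the original message and not MIT krb5 code: a caller-side check that never assumes the realm list is populated, modelling the selection order described above (explicit mapping, then fallback, then default realm). The names `pick_realm`, `first_nonempty` and `enum realm_source` are hypothetical, the lists only imitate the shape of what krb5_get_host_realm() and krb5_get_fallback_host_realm() return, and the KDC referral attempt is not modelled.

```c
#include <stdio.h>
#include <stddef.h>

/* Where the selected realm came from. */
enum realm_source { REALM_NONE, REALM_EXPLICIT, REALM_FALLBACK, REALM_DEFAULT };

/* First non-empty entry of a NULL-terminated realm list, or NULL. */
static const char *first_nonempty(char *const *list)
{
    if (list == NULL)
        return NULL;
    for (; *list != NULL; list++)
        if ((*list)[0] != '\0')
            return *list;
    return NULL;
}

/*
 * host_realms:     list shaped like krb5_get_host_realm() output; {"", NULL}
 *                  means "no explicit krb5.conf mapping" (krb5 1.6 and later).
 * fallback_realms: list shaped like krb5_get_fallback_host_realm() output,
 *                  or NULL if the caller has not asked for it.
 * default_realm:   last resort, may be NULL.
 * Never dereferences a missing list and never hands back an empty realm.
 */
enum realm_source pick_realm(char *const *host_realms,
                             char *const *fallback_realms,
                             const char *default_realm, const char **out)
{
    *out = first_nonempty(host_realms);
    if (*out != NULL)
        return REALM_EXPLICIT;
    *out = first_nonempty(fallback_realms);
    if (*out != NULL)
        return REALM_FALLBACK;
    if (default_realm != NULL && default_realm[0] != '\0') {
        *out = default_realm;
        return REALM_DEFAULT;
    }
    return REALM_NONE;
}

int main(void)
{
    char empty[] = "", dflt[] = "EXAMPLE.TEST";   /* constructed values */
    char *referral[] = { empty, NULL };           /* empty realm, as in 1.6+ */
    const char *realm = NULL;
    enum realm_source src = pick_realm(referral, NULL, dflt, &realm);
    printf("source=%d realm=%s\n", (int)src, realm ? realm : "(none)");
    return 0;
}
```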


