Compiling with --with-kdc-kdb-update fails

Erinn Looney-Triggs erinn.looneytriggs at
Wed Aug 5 16:16:45 EDT 2009

So it looks like this has been an issue for a long time, and I certainly
hope I am not missing some important response about this, my appologies
if I am. This option is not covered in the krb5-install.html guide
(which oddly is referred to by the README as install.html which doesn't
exist) but it is an option when doing a ./configure --help.

Here are the salient errors though these have been documented before:
/usr/bin/ld: Dwarf Error: Offset (2273) greater than or equal to
.debug_str size (942).
do_as_req.o: In function `process_as_req':
/home/looneytr/Download/krb5-1.7/src/kdc/do_as_req.c:695: undefined
reference to `krb5_db_set_name'
/home/looneytr/Download/krb5-1.7/src/kdc/do_as_req.c:697: undefined
reference to `krb5_db_init'

There appears to be three bugs related to this issue:
989 krb5 1.2.2 build fails in kdc/do_as_req.c with --with-kdc-kdb-update
5668 DAL changes break --with-kdc-kdb-update build
5716 Build issues --with-kdc-kdb-update HPUX 11.23 and Linux x86_64

Bug 989 includes a patch and shows its progress as pending though that
is from six years ago.

We have come up with two solutions to this issue though neither is perfect.

One comment/ifdef out this section of code:
  if (kdc_active_realm->realm_dbname)
  /* Reset master key */
  krb5_db_set_mkey(kdc_context, &kdc_active_realm->realm_mkey);

Though we are unsure of what those functions do exactly so this does not
seem like a great option.

Or two:
  if (kdc_active_realm->realm_dbname)
    if ((errcode =
krb5_set_default_realm(kdc_active_realm->realm_context, kdc_active_realm->
realm_dbname))) {
      return errcode;
  if((errcode = krb5_db_open(kdc_active_realm->realm_context, NULL ,
    return errcode;
  /* Reset master key */
  krb5_db_set_mkey(kdc_context, &kdc_active_realm->realm_mkey);

Though with this option and our testing has yielded a rather sizable
memory leak (couple hundred megs over a couple million kinits).

Both of these were taken from the groups here.

I guess the question that I really have is, is there any planned fix for
this issue or is this option being unofficially deprecated as it is not
referenced in the krb5-install.html? Given that option two above yields
a memory leak is option one a safe one?

Given that this is a rather handy peice of functionality it would be
great if it would continue to be maintained but as this has been broken
for years now I am trying to get a gauge on what the course is for this
particular config option.


More information about the krbdev mailing list