DNS server hangs in/after gss_indicate_mechs call on Windows with krb5-1.9 libs
Elzey, Blaine A (Blaine)
blaine.elzey at alcatel-lucent.com
Thu Feb 24 16:08:29 EST 2011
I am running DNS on Windows 2008, my KDC is Windows 2003 SP2. On the DNS server machine I see the krb5.ini is read, but the specified default_keytab_name file is never opened. I have tried many variations for the syntax of the default_keytab_name value to no avail. I have also tried variations of different libdefaults values with no luck. The DNS server does not answer any queries about 2 seconds after starting. The last action the process monitor sees is the successful IRP_MJ_CLEANUP operation for the krb5.ini file (after successful open and read.) I do see context switches climb slowly for the process, but nothing else (no CPU or IO). The stack:
ntiskrnl.exe!KeWaitForMultipleObjects
ntiskrnl.exe!PsGetCurrentThreadTeb
ntiskrnl.exe!NtOpenProcessToken
ntiskrnl.exe!KiDeliverApc
ntiskrnl.exe!KiFastSystemCallRet
ntoskrnl.exe!WaitForSingleObject
gssapi32.dll!gss_indicate_mechs
gssapi32.dll!gss_indicate_mechs
gssapi32.dll!gss_indicate_mechs
gssapi32.dll!gss_init_sec_context
gssapi32.dll!gss_add_cred
gssapi32.dll!gss_acquire_cred
libdns_qddns.dll!dst_gssapi_acquirecred
name.exe!ns_tkeyctx_fromconfig
...
Krb5.ini:
[libdefaults]
default_realm = LABW2K3.COM
default_keytab_name = C:/Files/dev/krb5.keytab
# the following two must be on des-cbc-crc for MIT kerberos
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = des-cbc-md5
dns_lookup_kdc = false
dns_lookup_realm = false
rdns = false
allow_weak_crypto = true
[realms]
LABW2K3.COM = {
kdc = 10.54.0.42:88
default_domain = test.com
}
[domain_realm]
.test.com = LABW2K3.COM
test.com = LABW2K3.COM
.labw2k3.com = LABW2K3.COM
labw2k3.com = LABW2K3.COM
[logging]
# kdc = FILE:C:/Files/dev/krb5kdc.log
# admin_server = FILE:C:/Files/dev/kadmin.log
# default = FILE:C:/Files/dev/krb5lib.log
kdc = STDERR
admin_server = STDERR
default = STDERR
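
An added example, not part of the original post: a small Python check that parses a krb5.ini like the one quoted above and reports the [libdefaults] settings that enable single-DES encryption types. The function names and the embedded sample (a shortened, constructed copy of the posted configuration) are assumptions made for illustration.

```python
import re

# Single-DES enctypes that MIT krb5 only accepts when allow_weak_crypto is on.
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
TRUE_VALUES = ("true", "yes", "y", "t", "1", "on")

# Constructed sample: shortened copy of the krb5.ini quoted in the post.
SAMPLE = """\
[libdefaults]
default_realm = LABW2K3.COM
default_keytab_name = C:/Files/dev/krb5.keytab
# the following two must be on des-cbc-crc for MIT kerberos
default_tkt_enctypes = des-cbc-md5
default_tgs_enctypes = des-cbc-md5
allow_weak_crypto = true
[realms]
LABW2K3.COM = {
kdc = 10.54.0.42:88
}
"""

def parse_libdefaults(text):
    """Return the key/value pairs of the [libdefaults] section only."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            out[key] = value
    return out

def audit(text):
    """List weak-crypto findings as (setting, detail) tuples."""
    cfg, findings = parse_libdefaults(text), []
    if cfg.get("allow_weak_crypto", "false").lower() in TRUE_VALUES:
        findings.append(("allow_weak_crypto", "weak enctypes enabled"))
    for key in ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"):
        names = re.split(r"[,\s]+", cfg.get(key, "").strip())
        weak = sorted(WEAK_ENCTYPES.intersection(n.lower() for n in names))
        if weak:
            findings.append((key, "single-DES: " + ", ".join(weak)))
    return findings

if __name__ == "__main__":
    for setting, detail in audit(SAMPLE):
        print(f"{setting}: {detail}")
```
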