DNS server hangs in/after gss_indicate_mechs call on Windows with krb5-1.9 libs
diptivs@gmail.com
diptivs at gmail.com
Sat May 11 13:32:23 EDT 2013
Thanks Greg for the confirmation.
The reason behind using 1.9 is:
- I need support for Constrained delegation which is available post 1.8
- My libraries are built using VS2005SP1. And i understand krb5-1.10
onwards versions builds only with VS2010. So i will need to install
VS2010 redistributables as my code builds with 2005. I want to avoid
installing redistributables.
Please let me know your thoughts.
BTW, Do we have any plan to fix this bug in 1.9? If yes expected release
period?
Thank you
Regards,
Dipti
On Fri, May 10, 2013 at 9:50 PM, Greg Hudson <ghudson at mit.edu> wrote:
> On 05/10/2013 04:46 AM, diptivs wrote:
> > When I debugged the code I could get following is the call stack:
>
> Thanks for the stack trace. Using that information, I was able to
> figure out what's wrong.
>
> As you guessed, the kg_vdb mutex is not initialized. During the
> development of release 1.7, a bunch of GSSAPI code was moved around, and
> the initialization of this mutex was accidentally placed into an #ifndef
> _WIN32 block. This bug is at src/lib/gssapi/krb5/gssapi_krb5.c line
> 911-918; only the kg_kdc_flag_mutex mutex initialization should be
> conditional.
>
> In release 1.10, the entire subsystem which used kg_vdb was removed, so
> this bug was not noticed during the testing of Kerberos for Windows 4.
>
> I would strongly recommend using KfW 4, or at the very least a build of
> release 1.10, rather than a build of release 1.9. We only just barely
> made 1.9 build on Windows, whereas 1.10 is the basis of a KfW release
> and has received much more testing.
>
> (As a side note, please refrain from sending the same message to both
> krbdev at mit.edu and kerberos at mit.edu.)
>
>
--
Have a nice day!
Regards,
Dipti
http://in.linkedin.com/in/diptivs
More information about the krbdev
mailing list