[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problems with afs-salts on Dunix



Hi!

I have built heimdal 0.3c on a Dunix Alpha, with support for V4 and AFS.
However, having this in my krb5.conf:

[libdefaults]
        default_realm = PHYSTO.SE
[realms]
        PHYSTO.SE = {
                kdc = kdc.physto.se
                admin_server = kerberos.physto.se
        }
[domain_realm]
        .physto.se = PHYSTO.SE
[kdc]
        enable-kerberos4 = yes
        v4-realm = PHYSTO.SE
        enable-kaserver = yes
[kadmin]
        default_keys = des:pw-salt: afs3-salt:physto.se

I get the following rather disturbing happenings:

# /usr/heimdal/sbin/kadmin
kadmin> add moa
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
moa@PHYSTO.SE's Password:
Verifying password - moa@PHYSTO.SE's Password:
kadmin> list moa
  moa@PHYSTO.SE
kadmin> list -l moa
               Principal: moa@PHYSTO.SE
       Principal expires: never
        Password expires: never
    Last password change: never
         Max ticket life: 1 day
      Max renewable life: 1 week
                    Kvno: 1
                   Mkvno: 0
                  Policy: none
   Last successful login: never
       Last failed login: never
      Failed login count: 0
           Last modified: 2000-11-24 12:13:40 UTC
                Modifier: admin@PHYSTO.SE
              Attributes:
Segmentation fault (core dumped)

and this is what gdb says:

# gdb /usr/heimdal/sbin/kadmin core
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for
details.
GDB 4.16 (alpha-dec-osf3.2), Copyright 1996 Free Software Foundation,
Inc...
Core was generated by `kadmin'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/shlib/libdb.so...done.
Reading symbols from /usr/shlib/libc.so...done.
#0  append_string (state=0x11ffff560, arg=0x0, width=-1, prec=0,
flags=0)
    at snprintf.c:226
226         while (*arg && prec--)
(gdb) where
#0  append_string (state=0x11ffff560, arg=0x0, width=-1, prec=0,
flags=0)
    at snprintf.c:226
#1  0x120084d20 in xyzprintf (state=0x11ffff560, char_format=0x0, ap={
      __base = 0x11ffff600 "\b", __offset = 32}) at snprintf.c:354
#2  0x120085450 in vasnprintf (ret=0x11ffffa98, max_sz=0,
    format=0x1400036c8 "(%.*s)", args={__base = 0x11ffff600 "\b",
      __offset = 16}) at snprintf.c:573
#3  0x120085398 in vasprintf (ret=0x11ffff560, format=0x0, args={__base
= 0x0,
      __offset = -1}) at snprintf.c:548
#4  0x1200852c0 in asprintf (ret=0x11ffff560, format=0x0) at
snprintf.c:492
#5  0x120015ec8 in print_entry_long (princ=0x11ffffac0) at get.c:183
#6  0x12001604c in do_get_entry (principal=0x140016d70, data=0x0) at
get.c:213
#7  0x120019c00 in foreach_principal (exp=0x0,
    func=0x120015fc0 <do_get_entry>, data=0x11ffffc38) at util.c:490
#8  0x1200162a0 in getit (name=0x1 <Address 0x1 out of bounds>,
terse_flag=1,
    argc=1, argv=0x140016c90) at get.c:268
#9  0x120016388 in list_princs (argc=0, argv=0x0) at get.c:284
#10 0x1200257b0 in sl_command (cmds=0x11ffff560, argc=3,
argv=0x140016c80)
    at sl.c:233
#11 0x120025a38 in sl_command_loop (cmds=0x140000518, prompt=0x0,
data=0x0)
    at sl.c:299
#12 0x120025af0 in sl_loop (cmds=0x140000518, prompt=0x140003fe4
"kadmin> ")
    at sl.c:315
#13 0x120017148 in main (argc=0, argv=0x11ffffd90) at kadmin.c:296

Any clues, anyone...?

Now, I could live with not making a long list in kadmin, but what is
more annoying is that when this user tries to log in (and I have
replaced the system login with /usr/heimdal/bin/login and modified the
SIA matrix a la krb5_matrix.conf) he doesn't get any credentials at all,
and the KDC dies:

# gdb /usr/heimdal/libexec/kdc core
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for
details.
GDB 4.16 (alpha-dec-osf3.2), Copyright 1996 Free Software Foundation,
Inc...
Core was generated by `kdc'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/shlib/libdb.so...done.
Reading symbols from /usr/shlib/libc.so...done.
#0  0x3ff80199014 in __mallopt ()
(gdb) where
#0  0x3ff80199014 in __mallopt ()
#1  0x3ff80199310 in __mallopt ()
#2  0x3ff800d4544 in free ()
#3  0x120051a1c in free_HostAddresses (data=0x14002ef20)
    at asn1_HostAddresses.c:71
#4  0x120053428 in free_EncTicketPart (data=0x11ffff350)
    at asn1_EncTicketPart.c:473
#5  0x120011808 in do_524 (t=0x11ffff9f8, reply=0x11ffffa90,
    from=0x14001ca44 "IPv4:130.237.205.205", addr=0x14001ca28) at
524.c:236
#6  0x1200134e8 in process_request (
    buf=0x14001d1e0
"a\2010\201 \003\002\001\005\013\e\tPHYSTO.SE\0200\016 \003\002\001\001\a0\005\e\003afs\2010\201 \003\002\001\003\003\002\001\002\201\004\201\001\b-^\220\2327:o\234M%?2V\n\226x\el|\rLs",
len=248, reply=0x11ffffa90, sendlength=0x11ffff9f8,
    from=0x14001ca44 "IPv4:130.237.205.205", addr=0x14001ca28) at
connect.c:385
#7  0x1200136c0 in do_request (buf=0x120011808, len=248, sendlength=0,
    d=0x14001ca00) at connect.c:425
#8  0x120013998 in handle_udp (d=0x14001ca00) at connect.c:476
#9  0x120014814 in loop () at connect.c:786
#10 0x12001cb30 in main (argc=1073818232, argv=0x140012a80) at main.c:98

The same thing happens if he tries to do /usr/heimdal/bin/kinit --afslog

So:   ?????????


                 Cheers,


                   Torbjorn Moa