[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Heimdal / MIT incompatibilities

I have an MIT 1.2.1 KDC/installation and I've been playing around with
Heimdal 0.3e, with an eye to upgrade at some point in the future.  So far
I've encountered 2 things which trouble me about potential incompatibility.
I don't recall seeing them mentioned here and don't see them offhand looking
through the list archive either.

1) kadmin hangs trying to do any operation.  Here's a backtrace while trying
to perform a "get":

(gdb) where
#0  0x401fba44 in read () from /lib/libc.so.6
#1  0x4010a4bc in __DTOR_END__ () from /opt/heimdal/lib/libroken.so.9
#2  0x400b9dda in krb5_net_read (context=0x80516b8, p_fd=0xbfffee84, 
    buf=0xbfffed7b, len=1) at net_read.c:46
#3  0x400be466 in krb5_sendauth (context=0x80516b8, auth_context=0x8051898, 
    p_fd=0xbfffee84, appl_version=0x4001d8a1 "KADM0.1", client=0x0, 
    server=0x8055bc0, ap_req_options=2, in_data=0x0, in_creds=0x0, 
    ccache=0x8055a70, ret_error=0x0, rep_result=0x0, out_creds=0x0)
    at sendauth.c:102
#4  0x4001bdb1 in kadm_connect (ctx=0x8051860) at init_c.c:355
#5  0x4001bf61 in _kadm5_connect (handle=0x8051860) at init_c.c:413
#6  0x4001b1c4 in kadm5_c_get_principal (server_handle=0x8051860, 
    princ=0x8055540, out=0xbffff3a8, mask=4294705151) at get_c.c:51
#7  0x4001ac7d in kadm5_get_principal (server_handle=0x8051860, 
    princ=0x8055540, out=0xbffff3a8, mask=4294705151) at common_glue.c:92
#8  0x804b742 in do_get_entry (principal=0x8055540, data=0xbffff468)
    at get.c:208
#9  0x804dd7f in foreach_principal (exp=0x80555bc "griffon", 
    func=0x804b710 <do_get_entry>, data=0xbffff468) at util.c:500
#10 0x804b8b7 in getit (name=0x804ec1d "get", terse_flag=0, argc=1, 
    argv=0x80554b4) at get.c:273
#11 0x804b8f4 in get_entry (argc=2, argv=0x80554b0) at get.c:283
#12 0x4004be2d in sl_command (cmds=0x8051164, argc=2, argv=0x80554b0)
    at sl.c:234
#13 0x4004c066 in sl_command_loop (cmds=0x8051164, 
    prompt=0x804f591 "kadmin> ", data=0xbffff580) at sl.c:319
#14 0x4004c0de in sl_loop (cmds=0x8051164, prompt=0x804f591 "kadmin> ")
    at sl.c:335
#15 0x804c1b7 in main (argc=0, argv=0xbffff63c) at kadmin.c:304
#16 0x4015ddcc in __libc_start_main () from /lib/libc.so.6

2) While trying to do a kinit -4 to get both V4 and V5 tickets:

<griffon>KeyserSoze-pts/5[36]/opt/heimdal/bin$ ./kinit -4
griffon@SNURGLE.ORG's Password: 
kinit: converting creds: Unknown error 2544761088

Asides from the fact that the conversion doesn't work, there appears to be
the problem that heimdal is treating the error code as an unsigned number
when it should really be signed:
<griffon>KeyserSoze-pts/15[2]~$ perl -e 'printf "%d\n", 2544761088;'
<griffon>KeyserSoze-pts/14[22]~/lsrc/krb5-1.2.1/src/krb524$ grep --
-1750206208 krb524_err.h
#define KRB524_BADKEY                            (-1750206208L)

The KDC doesn't log anything unusual during either of these two bugs.
Obviously, the MIT tools work fine doing the same operations.  Advice on
either of these problems would be appreciated, even if it's "We don't expect
that to work." 8^)


..ooOO chris@chiappa.net              | My opinions are my own  OOoo..
..ooOO Chris.Chiappa@oracle.com       | and certainly not those OOoo..
..ooOO http://www.chiappa.net/~chris/ | of my employer          OOoo..