From root@jake2.cc.binghamton.edu Tue Sep 28 17:13:58 1999 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA19837 for ; Tue, 28 Sep 1999 17:13:57 -0400 Received: from bingnet2.cc.binghamton.edu by MIT.EDU with SMTP id AA10822; Tue, 28 Sep 99 17:14:02 EDT Received: from jake2.cc.binghamton.edu.binghamton.edu (jake2.cc.binghamton.edu [128.226.1.193]) by bingnet2.cc.binghamton.edu (8.9.3/8.9.3) with SMTP id RAA21232; Tue, 28 Sep 1999 17:13:52 -0400 (EDT) Received: by jake2.cc.binghamton.edu.binghamton.edu (SMI-8.6/SMI-SVR4) id RAA13977; Tue, 28 Sep 1999 17:13:50 -0400 Message-Id: <199909282113.RAA13977@jake2.cc.binghamton.edu.binghamton.edu> Date: Tue, 28 Sep 1999 17:13:50 -0400 From: cthallen@binghamton.edu Reply-To: admins@mail.binghamton.edu To: krb5-bugs@MIT.EDU Cc: mcronk@binghamton.edu, cthallen@binghamton.edu Subject: kadmind changepw bug: core dumps X-Send-Pr-Version: 3.99 >Number: 758 >Category: krb5-kdc >Synopsis: kadmind core dumps after several password changes by admin user >Confidential: no >Severity: serious >Priority: high >Responsible: krb5-unassigned >State: open >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Tue Sep 28 17:14:01 EDT 1999 >Last-Modified: >Originator: Chris Hallenbeck >Organization: Binghamton University >Release: krb5-current-19990927 >Environment: System: SunOS jake2.cc.binghamton.edu 5.6 Generic_105181-05 sun4m sparc SUNW,SPARCstation-5 Architecture: sun4 >Description: We run krb5kdc, kadmind, and krb524d on Solaris 2.6 machines. The "production" version is "krb5-current-19990712", and was compiled using gcc 2.8.1 on a Sun SPARC5. THIS release (09/27/99) was compiled on a similar machine running Solaris 2.6 using SunProC. In BOTH versions, kadmind coredumps after several password changes. I have only been able to verify this problem in situations where the password changes are being done as a part of a script run by an admin user. ex: kadmin -c $KRB5CCNAME -q "cpw -pw $password $principal" It only seems to take about a dozen such requests before the daemon dies. I have not yet had a chance to test to see how long it takes for a "regular" user running 'kpasswd' to cause this type of coredump -- or if it happens at all! >How-To-Repeat: In "helpdesk" account's '.profile' (under ksh): ----- KRB5CCNAME=/tmp/krb5cc_helpdesk export PATH KRB5CCNAME trap kdestroy 0 1 2 3 5 15 kinit -S kadmin/admin -k -t acct.keytab helpdesk/admin ----------END .profile----------- In 'kpass script' : ----- #!/usr/local/bin/expect -- [snip] spawn kadmin -c $KRB5CCNAME -q "cpw -pw $password $principal" expect { timeout { [snip] ------------END 'kpass' script-------- Our Helpdesk often runs this program up to 100 times a day (especially at the beginning of the semester). Since usage has dropped considerably -- no more than 15 times/day -- we have had FAR fewer coredumps of kadmind. >Fix: No known work-around short of restarting the daemon when you detect that it has died. :-P We'll be more than glad to send you a few of the cores if you actually want them. ;-) Separate, but similar issue: in /src/lib/krb5/os/changepw.c there was a problem with a #ifdef on or about line 86 of the 09/27/99 version (ifdef KRB5_DNS_LOOKUP). If that is NOT defined you get an "undefined symbol: i" error, because the declartion "int i" is inside that #ifdef. Again, that COMPILATION error was received under Solaris 2.6 using SunProC (/opt/SUNWspro/bin/cc). Best regards, Chris Hallenbeck >Audit-Trail: >Unformatted: