Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) Subject: kdb5_ldap_stash_service_password() stash file logic needs tweaking X-RT-Original-Encoding: iso-8859-1 Content-Length: 838 In kdb5_ldap_stash_service_password() there is a call to profile_get_string() at line 127 which is: profile_get_string (util_context->profile, KDB_MODULE_SECTION, section, "ldap_service_password_file", NULL, &file_name); The problem with this code is that if one has a [dbmodules] section in krb5.conf but it doesn't contain an assignment for ldap_service_password_file then file_name ends up being NULL and the kdb5_ldap_util stashsrvpw command fails with a Failed to open file error. The code at line 127 should be: profile_get_string (util_context->profile, KDB_MODULE_SECTION, section, "ldap_service_password_file", DEF_SERVICE_PASSWD_FILE, &file_name); ^^^^^ this as the default value instead of NULL