From jinz@gene.COM Mon Dec 17 23:19:58 2001
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id XAA23301
for <bugs@RT-11.mit.edu>; Mon, 17 Dec 2001 23:19:57 -0500 (EST)
Received: from genie.gene.com (genie-open.gene.com [192.12.78.1])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id XAA26183;
Mon, 17 Dec 2001 23:02:15 -0500 (EST)
Received: from larned.gene.com (larned.gene.com [128.137.49.7])
by genie.gene.com (8.11.0/8.11.0) with ESMTP id fBI42E6278589;
Mon, 17 Dec 2001 20:02:14 -0800 (PST)
Received: from gene.com (dhcp194-165.gene.com [128.137.194.165])
by larned.gene.com (8.11.3/8.11.3) with ESMTP id fBI42DW1056106;
Mon, 17 Dec 2001 20:02:14 -0800 (PST)
Message-Id: <3C1EBF7E.A9C0A89B@gene.com>
Date: Mon, 17 Dec 2001 20:01:02 -0800
From: Jin Zhou <jinz@gene.COM>
To: kerberos@mit.edu, krb5-bugs@mit.edu
Subject: Bug with Kerberos 1.2.2 for 64 bit HPUX 11 !?
I compiled Kerberos 1.2.2 on HPUX 11.00 with "+DD64" flag passed to
cc compiler, which means all
the binaries will be in 64 bit format.
Everything so far works fine except for /usr/local/sbin/kadmin. Here
is what happens when I run kadmin
trying to connect to a kadmind & krb5kdc running on another Unix box:
%
% /usr/local/sbin/kadmin
Authenticating as principal user1/admin@TEST.COM with password.
Enter password:
kadmin: GSS-API (or Kerberos) error while initializing kadmin
interface
%
In KDC's /var/log/kadmin.log file, I can see that (xxx is the
machine's IP address):
kadmind[4342](Notice): Authentication attempt failed: xxx.xxx.xxx.xxx,
GSS-API error strings are:
kadmind[4342](Notice): A token was invalid
kadmind[4342](Notice): Token header is malformed or corrupt
kadmind[4342](Notice): GSS-API error strings complet
I did some troubleshootings, finally the problem being traced back
to system call "clnt_call()" around line #287 in
./Kerberos/src/lib/rpc/auth_gssapi.c where "call_res" gets its value by
calling "clnt_call()". The program exit around line #329 when the value
of "call_res.gss_major" is checked and found invalid.
The interesting part is that I'm not sure whether this is a bug in
HPUX 11 64 bit RPC library or a bug with Kerberos 122. Because
clnt_call() actually returns "RPC_SUCCESS" as exit code, but yet gets
invalid value for "call_res.gss_major".
Can somebody who runs 64 bit Kerberos on HPUX 11 test whether kadmin
works or not ? My KDC has no problem, because we can run kadmin from
other (SGI, SUN, HPUX10.20) Kerberos systems without any problem.
If this is a bug, then just treat my message a bug report.
Thanks
Jin
-----------------------------------
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id XAA23301
for <bugs@RT-11.mit.edu>; Mon, 17 Dec 2001 23:19:57 -0500 (EST)
Received: from genie.gene.com (genie-open.gene.com [192.12.78.1])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id XAA26183;
Mon, 17 Dec 2001 23:02:15 -0500 (EST)
Received: from larned.gene.com (larned.gene.com [128.137.49.7])
by genie.gene.com (8.11.0/8.11.0) with ESMTP id fBI42E6278589;
Mon, 17 Dec 2001 20:02:14 -0800 (PST)
Received: from gene.com (dhcp194-165.gene.com [128.137.194.165])
by larned.gene.com (8.11.3/8.11.3) with ESMTP id fBI42DW1056106;
Mon, 17 Dec 2001 20:02:14 -0800 (PST)
Message-Id: <3C1EBF7E.A9C0A89B@gene.com>
Date: Mon, 17 Dec 2001 20:01:02 -0800
From: Jin Zhou <jinz@gene.COM>
To: kerberos@mit.edu, krb5-bugs@mit.edu
Subject: Bug with Kerberos 1.2.2 for 64 bit HPUX 11 !?
Show quoted text
>Number: 1028
>Category: pending
>Synopsis: Bug with Kerberos 1.2.2 for 64 bit HPUX 11 !?
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Dec 17 23:20:00 EST 2001
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Hi:>Category: pending
>Synopsis: Bug with Kerberos 1.2.2 for 64 bit HPUX 11 !?
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Dec 17 23:20:00 EST 2001
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
I compiled Kerberos 1.2.2 on HPUX 11.00 with "+DD64" flag passed to
cc compiler, which means all
the binaries will be in 64 bit format.
Everything so far works fine except for /usr/local/sbin/kadmin. Here
is what happens when I run kadmin
trying to connect to a kadmind & krb5kdc running on another Unix box:
%
% /usr/local/sbin/kadmin
Authenticating as principal user1/admin@TEST.COM with password.
Enter password:
kadmin: GSS-API (or Kerberos) error while initializing kadmin
interface
%
In KDC's /var/log/kadmin.log file, I can see that (xxx is the
machine's IP address):
kadmind[4342](Notice): Authentication attempt failed: xxx.xxx.xxx.xxx,
GSS-API error strings are:
kadmind[4342](Notice): A token was invalid
kadmind[4342](Notice): Token header is malformed or corrupt
kadmind[4342](Notice): GSS-API error strings complet
I did some troubleshootings, finally the problem being traced back
to system call "clnt_call()" around line #287 in
./Kerberos/src/lib/rpc/auth_gssapi.c where "call_res" gets its value by
calling "clnt_call()". The program exit around line #329 when the value
of "call_res.gss_major" is checked and found invalid.
The interesting part is that I'm not sure whether this is a bug in
HPUX 11 64 bit RPC library or a bug with Kerberos 122. Because
clnt_call() actually returns "RPC_SUCCESS" as exit code, but yet gets
invalid value for "call_res.gss_major".
Can somebody who runs 64 bit Kerberos on HPUX 11 test whether kadmin
works or not ? My KDC has no problem, because we can run kadmin from
other (SGI, SUN, HPUX10.20) Kerberos systems without any problem.
If this is a bug, then just treat my message a bug report.
Thanks
Jin
-----------------------------------