Skip Menu |

Download (untitled) / with headers
text/plain 3.6KiB
From Tue Sep 28 17:13:58 1999
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU []) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA19837 for <bugs@RT-11.MIT.EDU>; Tue, 28 Sep 1999 17:13:57 -0400
Received: from by MIT.EDU with SMTP
id AA10822; Tue, 28 Sep 99 17:14:02 EDT
Received: from ( [])
by (8.9.3/8.9.3) with SMTP id RAA21232;
Tue, 28 Sep 1999 17:13:52 -0400 (EDT)
Received: by (SMI-8.6/SMI-SVR4)
id RAA13977; Tue, 28 Sep 1999 17:13:50 -0400
Message-Id: <>
Date: Tue, 28 Sep 1999 17:13:50 -0400
To: krb5-bugs@MIT.EDU
Subject: kadmind changepw bug: core dumps
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 758
>Category: krb5-kdc
>Synopsis: kadmind core dumps after several password changes by admin user
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Sep 28 17:14:01 EDT 1999
>Originator: Chris Hallenbeck
Binghamton University

Show quoted text
>Release: krb5-current-19990927

System: SunOS 5.6 Generic_105181-05 sun4m sparc SUNW,SPARCstation-5
Architecture: sun4

Show quoted text
We run krb5kdc, kadmind, and krb524d on Solaris 2.6 machines. The "production"
version is "krb5-current-19990712", and was compiled using gcc 2.8.1 on a Sun SPARC5. THIS
release (09/27/99) was compiled on a similar machine running Solaris 2.6 using SunProC.

In BOTH versions, kadmind coredumps after several password changes. I have only been
able to verify this problem in situations where the password changes are being done as a part
of a script run by an admin user.
kadmin -c $KRB5CCNAME -q "cpw -pw $password $principal"

It only seems to take about a dozen such requests before the daemon dies. I have not yet
had a chance to test to see how long it takes for a "regular" user running 'kpasswd' to cause this
type of coredump -- or if it happens at all!

Show quoted text
In "helpdesk" account's '.profile' (under ksh):
trap kdestroy 0 1 2 3 5 15
kinit -S kadmin/admin -k -t acct.keytab helpdesk/admin
----------END .profile-----------

In 'kpass script' :
#!/usr/local/bin/expect --

spawn kadmin -c $KRB5CCNAME -q "cpw -pw $password $principal"
expect {
timeout {
------------END 'kpass' script--------

Our Helpdesk often runs this program up to 100 times a day (especially at the beginning of
the semester). Since usage has dropped considerably -- no more than 15 times/day -- we have
had FAR fewer coredumps of kadmind.

Show quoted text
No known work-around short of restarting the daemon when you detect that it has died. :-P

We'll be more than glad to send you a few of the cores if you actually want them. ;-)

Separate, but similar issue: in <path to src>/src/lib/krb5/os/changepw.c there was a problem with
a #ifdef on or about line 86 of the 09/27/99 version (ifdef KRB5_DNS_LOOKUP). If that is NOT
defined you get an "undefined symbol: i" error, because the declartion "int i" is inside that #ifdef.

Again, that COMPILATION error was received under Solaris 2.6 using SunProC (/opt/SUNWspro/bin/cc).

Best regards,

Chris Hallenbeck
Show quoted text