Bug 430029

Summary: ipa-kpasswd segfaults
Product: [Retired] freeIPA
Reporter: Chandrasekar Kannan <ckannan>
Component: ipa-server
Assignee: Simo Sorce <ssorce>
Status: CLOSED ERRATA
QA Contact: Chandrasekar Kannan <ckannan>
Severity: high
Priority: high
Version: 1.0
CC: benl, mgregg, rcritten, ssorce, yzhang
Hardware: All   
OS: Linux   
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Bug Blocks: 246164, 429034    

Description Chandrasekar Kannan 2008-01-24 07:10:26 UTC
Ticket #146 (new defect)

Opened 2 months ago

Last modified 2 months ago
ipa-kpasswd segfaults
Reported by: 	kmacmill 	Assigned to: 	simo
Priority: 	major 	Milestone: 	release-1
Component: 	ipa-server 	Version: 	
Keywords: 		Cc: 	
Description

On Wed, 2007-12-05 at 20:43 +1000, David O'Brien wrote:

    This is probably mainly for simo, and is just extra info for the kpasswd
    segfault issue we talked about last night. I reinstalled ipa-server from
    /FC7/i386/2007-12-04_15_09-build/dist and ran the config script. Attached
    is the output from what I did next, as well as tail of var/log/messages.
    Hope this is useful.

    cheers

plain text document attachment (ipaServer_kpasswd_issue)

    Setup complete

    Next steps:
        1. You may need to open some network ports - specifically:
            TCP Ports:
              * 80, 443, 8080: HTTP/HTTPS
              * 389, 636: LDAP/LDAPS
              * 88, 464: kerberos
            UDP Ports:
              * 88, 464: kerberos
              * 123: ntp

        2. You can now obtain a kerberos ticket using the command: 'kinit admin'.
           This ticket will allow you to use the IPA tools (e.g., ipa-adduser)
           and the web user interface.

    [root@darwin ~]# kinit admin
    Password for admin:
    [root@darwin ~]# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: admin

    Valid starting Expires Service principal
    12/05/07 20:32:04 12/06/07 20:32:02 krbtgt/AUSTRALIA.COM

    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached
    [root@darwin ~]# ipa-adduser
    First name: David
    Last name: Kim
    Login name: dkim
    Password:
    Password (again):
    gecos []:
    home directory /home/dkim:
    shell /bin/sh:
    dkim successfully added
    [root@darwin ~]# kinit dkim
    kinit(v5): Password has expired while getting initial credentials
    [root@darwin ~]# kpasswd dkim
    Password for dkim:
    Enter new password:
    Enter it again:
    kpasswd: Cannot contact any KDC for requested realm changing password
    [root@darwin ~]#

plain text document attachment (var_log_messages)

    tail /var/log/messages
    Dec 5 20:27:47 darwin setroubleshoot: SELinux is preventing /usr/sbin/httpd (httpd_t) "read write" to socket:[13416] (unconfined_t). For complete SELinux messages. run sealert -l 124ef240-d677-4604-9c76-2559f47a2531
    Dec 5 20:27:47 darwin setroubleshoot: SELinux is preventing /usr/sbin/nss_pcache (httpd_t) "sys_nice" to <Unknown> (httpd_t). For complete SELinux messages. run sealert -l d4b9636e-6cb8-4481-90c7-d858da64eea1
    Dec 5 20:27:47 darwin setroubleshoot: SELinux is preventing /usr/sbin/httpd (httpd_t) "sys_nice" to <Unknown> (httpd_t). For complete SELinux messages. run sealert -l d4b9636e-6cb8-4481-90c7-d858da64eea1
    Dec 5 20:27:48 darwin last message repeated 2 times
    Dec 5 20:27:50 darwin setroubleshoot: SELinux is preventing /usr/sbin/radiusd (radiusd_t) "read write" to socket:[13416] (unconfined_t). For complete SELinux messages. run sealert -l b37f4caf-25ec-40d0-851c-0f1bfca01d77
    Dec 5 20:27:55 darwin setroubleshoot: SELinux is preventing /usr/kerberos/sbin/krb5kdc (krb5kdc_t) "read write" to socket:[13416] (unconfined_t). For complete SELinux messages. run sealert -l 0ab104c2-83e3-4a98-8def-320cb0cee2ac
    Dec 5 20:33:17 darwin kpasswd[3963]: Unable to read request: Decrypt integrity check failed
    Dec 5 20:33:17 darwin kernel: ipa_kpasswd[3963]: segfault at bfa00000 eip 499ee407 esp bfa58768 error 4
    Dec 5 20:33:27 darwin kpasswd[3964]: Unable to read request: Decrypt integrity check failed
    Dec 5 20:33:27 darwin kernel: ipa_kpasswd[3964]: segfault at bfa00000 eip 499ee407 esp bfa58768 error 4

Change History
2007-12-05 11:46:59 changed by kmacmill

    * milestone changed from milestone-6 to release-1.
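
A triage sketch for the log tail quoted in the description, added here and not part of the original report or of the FreeIPA code: it pairs each kernel segfault record with the daemon's last syslog message from the same PID and decodes the x86 page-fault error code. The sample lines are excerpted from the quoted log; the function names are hypothetical.

```python
import re

# Sample input: the four relevant lines excerpted from the /var/log/messages
# tail quoted in the report.
SAMPLE = """\
Dec 5 20:33:17 darwin kpasswd[3963]: Unable to read request: Decrypt integrity check failed
Dec 5 20:33:17 darwin kernel: ipa_kpasswd[3963]: segfault at bfa00000 eip 499ee407 esp bfa58768 error 4
Dec 5 20:33:27 darwin kpasswd[3964]: Unable to read request: Decrypt integrity check failed
Dec 5 20:33:27 darwin kernel: ipa_kpasswd[3964]: segfault at bfa00000 eip 499ee407 esp bfa58768 error 4
"""

# 32-bit x86 record as it appears in the log; every number is hexadecimal.
SEGV = re.compile(
    r"kernel: (?P<comm>[\w.-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"eip (?P<eip>[0-9a-f]+) esp (?P<esp>[0-9a-f]+) error (?P<err>[0-9a-f]+)")
# Daemon-side message, logged under the syslog tag "kpasswd".
DAEMON = re.compile(r"\bkpasswd\[(?P<pid>\d+)\]: (?P<msg>.+)$")

def decode_pf_error(code):
    """Decode the low three bits of an x86 page-fault error code."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def correlate(log_text):
    """Attach to each segfault the last daemon message logged by the same PID."""
    last_msg, crashes = {}, []
    for line in log_text.splitlines():
        m = SEGV.search(line)
        if m:
            pid = int(m["pid"])
            crashes.append({
                "pid": pid, "comm": m["comm"],
                "fault_addr": int(m["addr"], 16),
                "eip": int(m["eip"], 16), "esp": int(m["esp"], 16),
                "fault": decode_pf_error(int(m["err"], 16)),
                "last_daemon_msg": last_msg.get(pid),
            })
            continue
        m = DAEMON.search(line)
        if m:
            last_msg[int(m["pid"])] = m["msg"]
    return crashes

if __name__ == "__main__":
    for crash in correlate(SAMPLE):
        print(crash)
```

On the quoted lines, both crashes decode as a user-mode read of an unmapped page at the same instruction pointer, each directly after the request failed to decrypt.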

Comment 4 Yi Zhang 2008-04-07 17:17:18 UTC
ipa-adduser succeeds in the CLI.

ipa-kpasswd rename to ipa-passwd (?)

Otherwise, works well.

QA verified, bug closed, build: 4-7-2008 daily build

Comment 5 Rob Crittenden 2008-04-07 17:32:42 UTC
ipa_kpasswd is a daemon that listens for Kerberos password requests.

ipa-passwd is a command-line utility that admins can use to change passwords.