Bug 127336 - krb5 package breaks with openafs
krb5 package breaks with openafs
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: krb5 (Show other bugs)
2
All Linux
medium Severity high
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-06 15:03 EDT by Jack Neely
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.3.4-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-07-27 18:01:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jack Neely 2004-07-06 15:03:59 EDT
Description of problem:
The most recent MIT kerberos errata for FC1 somehow breaks pam_krb5afs.so.

pam_krb5afs.so is segfaulting somewhere in the login process with
NCSU's realm kit.  (openafs+hesiod+kerberos).  If the user
successfully logs in, he is imediantly returned to the login prompt or
gdm screen.  

I have some straces that might be useful, although they didn't seem to
shed much light on the subject.  Otherwise, I'm having a hard time
tracking this one down.  Let me know how I can help you debug this.

Version-Release number of selected component (if applicable):
This is the krb5 package on Fedora Core 1 1.3.3-6.  Downgrading back
to 1.3.1-6 makes the problem go away.
Comment 1 Jack Neely 2004-07-08 15:23:32 EDT
I've duplicated the problem with Fedora Core 2.  Being I'm more
interested in that I'm changing the version for this bug.

The login process is segfaulting directly after the pam_krb5afs.so
module calls krb_afslog() around line 113 of tokens.c.

Now to play in the evil kerberos code...*sigh*
Comment 2 Jack Neely 2004-07-08 17:53:58 EDT
Nalin, if you get a chance to look I've traced things thus far:

The segfault is happening somewhere in the get_cred() fuction from the
krbafs package in afskrb.c.  So next on my list to track are

   krb_get_cred()
   krb_mk_req()

Also, I've noticed that this is the second token that pam_krb5.so is
trying to get.
Comment 3 Jack Neely 2004-07-23 14:46:17 EDT
Nalin,

I've discovered that if you remove patch 24
(krb5-1.3.1-server-sort.patch) then the krb4 bits get all the
afstokens without segfaulting.  In otherwords, there's something amiss
with that patch...

Note You need to log in before you can comment on or make changes to this bug.