Red Hat Bugzilla – Bug 127336
krb5 package breaks with openafs
Last modified: 2007-11-30 17:10:45 EST
Description of problem:
The most recent MIT kerberos errata for FC1 somehow breaks pam_krb5afs.so.
pam_krb5afs.so is segfaulting somewhere in the login process with
NCSU's realm kit. (openafs+hesiod+kerberos). If the user
successfully logs in, he is imediantly returned to the login prompt or
I have some straces that might be useful, although they didn't seem to
shed much light on the subject. Otherwise, I'm having a hard time
tracking this one down. Let me know how I can help you debug this.
Version-Release number of selected component (if applicable):
This is the krb5 package on Fedora Core 1 1.3.3-6. Downgrading back
to 1.3.1-6 makes the problem go away.
I've duplicated the problem with Fedora Core 2. Being I'm more
interested in that I'm changing the version for this bug.
The login process is segfaulting directly after the pam_krb5afs.so
module calls krb_afslog() around line 113 of tokens.c.
Now to play in the evil kerberos code...*sigh*
Nalin, if you get a chance to look I've traced things thus far:
The segfault is happening somewhere in the get_cred() fuction from the
krbafs package in afskrb.c. So next on my list to track are
Also, I've noticed that this is the second token that pam_krb5.so is
trying to get.
I've discovered that if you remove patch 24
(krb5-1.3.1-server-sort.patch) then the krb4 bits get all the
afstokens without segfaulting. In otherwords, there's something amiss
with that patch...