Description of problem: The most recent MIT kerberos errata for FC1 somehow breaks pam_krb5afs.so. pam_krb5afs.so is segfaulting somewhere in the login process with NCSU's realm kit. (openafs+hesiod+kerberos). If the user successfully logs in, he is imediantly returned to the login prompt or gdm screen. I have some straces that might be useful, although they didn't seem to shed much light on the subject. Otherwise, I'm having a hard time tracking this one down. Let me know how I can help you debug this. Version-Release number of selected component (if applicable): This is the krb5 package on Fedora Core 1 1.3.3-6. Downgrading back to 1.3.1-6 makes the problem go away.
I've duplicated the problem with Fedora Core 2. Being I'm more interested in that I'm changing the version for this bug. The login process is segfaulting directly after the pam_krb5afs.so module calls krb_afslog() around line 113 of tokens.c. Now to play in the evil kerberos code...*sigh*
Nalin, if you get a chance to look I've traced things thus far: The segfault is happening somewhere in the get_cred() fuction from the krbafs package in afskrb.c. So next on my list to track are krb_get_cred() krb_mk_req() Also, I've noticed that this is the second token that pam_krb5.so is trying to get.
Nalin, I've discovered that if you remove patch 24 (krb5-1.3.1-server-sort.patch) then the krb4 bits get all the afstokens without segfaulting. In otherwords, there's something amiss with that patch...