From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 Description of problem: The krb5-1.2.7-krsh-deadlock2.patch introducted in krb5-1.2.7-39 on Red Hat EL3.0 creates a bug which potentially causes an incoming encrypted rdist to hang and timeout. This bug also exists in some or all EL4.0 krb5-workstation packages; however, I do not have the resources available to track down which specific versions. Version-Release number of selected component (if applicable): krb5-1.2.7-39 and newer How reproducible: Always Steps to Reproduce: 0. Turn off any firewall rules on both hosts, as rdist requires a random high return TCP port, but isn't stateful with respect to kshd/kshell. 1. On source system, create an rdist file which containas a "special" line. Here is a sample "distfile": HOSTS=(root.com) FILES = (/etc/syslog.conf) ${FILES} -> ${HOSTS} install /tmp/. ; special "echo 'hello world' >> /tnp/syslog.conf"; 2. On the target system (targethost.redhat.com in this case), enable 'kshell' in xinetd.d. 3. On the source system, use a kerberized rdist client, such as the MIT krdist. Run 'krdist -f distfile'. The krdist will hang and eventually timeout. If you comment out the "special" line, it will work. Note that it will always work on repeated attempts once /tmp/syslog.conf gets written (as krdist won't send a file if it's unchanged), so make sure you delete it on the target system if it appears. Actual Results: krdist hangs. On the target system, a temporary rdist file (/tmp/rdistXXXXX) appears with the data that should be written out to the final file (/tmp/syslog.conf), isn't. Expected Results: krdist should complete almost immediately. Additional info: This problem started with krb5-workstation-1.2.7-39. There is only one patch in -39, so there is *something* wrong with that patch.
sorry, that special line should actually >> /tmp/syslog.conf
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet that criteria, it is now being closed. For more information of the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.